• Resolved zebrahosting

    (@zebrahosting)


    Hope it is possible to change the message for updates from “Problems found” to “Update(s) available”.
    The first is a pretty alarming message I would only use if there is something wrong on the site, not for updates.

Viewing 1 replies (of 1 total)
  • That depends on how you view updates. While I understand why you might think changing the alert status on plugin and theme notifications is a good idea, I would have to respectfully disagree. We think most hacked WordPress sites these days can be traced back to plugins and themes that weren’t updated. One of our best analysts, when asked, puts the number close to 85% that can trace the hack to some plugin or theme that wasn’t updated.

    Most good plugin and theme authors fix their vulnerabilities quickly, and WordPress core is very good about fixing vulnerabilities, and a fix will emerge almost immediately. Therefore, keeping your site up-to-date is one of the most effective things you can do to prevent a hack. It is also why upgrading quickly when a security fix emerges is important.

    As a side note, the vast majority of WordPress vulnerabilities are in plugins. You can see this data here: https://wpvulndb.com/

    There have, however, been some serious theme-related vulnerabilities that have allowed hackers to gain complete control of WordPress sites. The timthumb.php vulnerability is an example of this. It was a library with a severe vulnerability that was used by a wide range of theme vendors.

    Knowing all this, we couldn’t really call ourselves a serious security vendor if we considered plugin or theme updates ‘advice’ or a ‘notification’ and nothing more. Leaving them unpatched can have serious consequences and at Wordfence we don’t want you to miss something that can be so devastating. I hope you can understand our position.

    Tim


The topic ‘Request: separate warnings from updates’ is closed to new replies.