WordPress Plugin Security Vulnerabilities

This post is about WordPress plugin security vulnerabilities. It’s great having WordPress plugins that extend the functionality of your WordPress site. They allow you to do many useful things – duplicate Pages or Posts, lock down your membership content, optimize your posts for SEO and many other things.

Realistically, no WordPress site can afford to not benefit from the functionality that plugins bring.

But there’s a problem.

What Are WordPress Plugin Security Vulnerabilities?

Many WordPress sites have a whole host of plugins. And they get updated quite frequently. Sometimes the reason for this update is to add functionality, sometimes it’s to work with a new WordPress version. But most often they’re updated when the authors discover vulnerabilities in them.

As a result, when you manage a WordPress website, you have to ensure all your plugins are up to date. If they get out of date, you’re leaving potential security holes in your site. Holes that hackers can exploit.

Don’t Hackers Just Guess Your Password?

Many people think that hackers gain access by guessing your username and password. And yes, this does happen. You can protect yourself against this by having hard-to-guess passwords and not having ‘admin’ as your username.

But more frequently, hackers make use of vulnerabilities in your out-of-date plugins.

So Why Are Plugins Vulnerable?

Let’s have a look at the components of a WordPress site. As well as the core WordPress files, you have a Theme and you have one or more (often a lot more) plugins.

A WordPress site has one version of WordPress, which may or may not be current. Most sites now auto-update WordPress when a new WordPress version is released. So now, unless your WordPress version is seriously out of date, WordPress auto-update will cope with WordPress core updates.

WordPress Themes

You will have one active theme, and this may be a free theme or a paid theme. I always recommend getting a paid theme from a reputable developer who updates his theme regularly and offers support if you can’t get something to work.

With free themes, you’re on your own. If it breaks, tough luck – you have to fix it yourself (are you any good at PHP coding?).

Reputable vendors of paid themes – like WooThemes – offer support that you can call on in times of difficulty.

WordPress themes don’t get updated that often, and you’ll normally stick with one – as this determines the look and feel of your site.

That leads us to plugins.

WordPress Plugins

Many sites have a whole host of plugins, each of which provides a piece of needed functionality. Because the average site has so many, there are many opportunities for a plugin to get out of date and have vulnerabilities. Hence the need to keep them regularly updated.

And unlike WordPress core files, plugins do not get updated automatically.

This in turn means that if you manage a WordPress site, you need to log into it regularly to check if any plugins need updating. The alternative is to leave your site exposed to hackers.
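The regular check described above can be scripted instead of done by logging in. The following is an added example, not part of the original post: it assumes WP-CLI (the `wp` command) is installed on the server, and the plugin names in the sample data are constructed.

```python
import json
import subprocess
import sys

# Constructed sample of `wp plugin list --format=json` output (not real site data).
SAMPLE = '''[
 {"name": "example-seo", "status": "active", "update": "available",
  "version": "2.1.0", "update_version": "2.1.3"},
 {"name": "example-forms", "status": "inactive", "update": "available",
  "version": "1.4", "update_version": "1.5"},
 {"name": "example-cache", "status": "active", "update": "none",
  "version": "3.0", "update_version": ""}
]'''


def outdated_plugins(wp_json):
    """Return plugins that WP-CLI reports as having an update, active ones first."""
    plugins = json.loads(wp_json)
    stale = [p for p in plugins if p.get("update") == "available"]
    return sorted(stale, key=lambda p: (p.get("status") != "active", p["name"]))


def report(stale):
    """Format one line per outdated plugin: name, status, installed -> available."""
    lines = []
    for p in stale:
        target = p.get("update_version") or "newer version"
        lines.append(f"{p['name']} ({p['status']}): {p['version']} -> {target}")
    return lines


def fetch(path):
    """Run WP-CLI against the WordPress install at `path` and return its JSON."""
    cmd = ["wp", "plugin", "list", f"--path={path}",
           "--fields=name,status,update,version,update_version", "--format=json"]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout


if __name__ == "__main__":
    # With a path argument, query the real site; without one, use the sample.
    raw = fetch(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    lines = report(outdated_plugins(raw))
    print("\n".join(lines) or "All plugins up to date")
    sys.exit(1 if lines else 0)  # non-zero exit lets cron or monitoring raise an alert
```

Run from a daily cron job with the site's directory as the argument, the non-zero exit code signals that at least one plugin is behind.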

How Often Are Plugins Updated?

I manage many sites on behalf of my clients and myself. Every single day I see multiple cases of plugins that need to be updated. Often I will need to update plugins on sites twice or three times a day.

So What Should You Do?

If you don’t want – or are unable – to log in to your WordPress site every day, I provide a service to do this for you. It will also take care of your WordPress core and any theme updates – though these require updating far less frequently.

Next Steps To Address WordPress Plugin Security Vulnerabilities

If you believe that I can help you with keeping your WordPress websites up to date with your WordPress plugins as well as WordPress core files and your theme, contact me here.
