If you’ve been following the news, then you’re aware of the rash of vulnerable WordPress plugins that have recently been discovered. For example, previous versions of the WP Super Cache plugin were affected by a cross-site scripting (XSS) vulnerability that could provide potential attackers with access to your site. In addition, a few websites made the news after being hacked by members of the organized group of Islamic State sympathizers via a vulnerability in the FancyBox plugin. Another plugin, Yoast, was vulnerable to blind SQL injection attacks, which can lead to database breaches and possible exposure of confidential information.
In all cases said plugins quickly released an updated version that eliminated the vulnerabilities, but it brings to light a well-known issue. While one of the main advantages of WordPress Hosting is its extensibility through these third party plugins, due to their nature and different coding standards, they do come with inherent security risks. When third party plugins interact with WordPress, vulnerabilities are often created that can allow a variety of attacks, like buffer overflow exploits or SQL injections. Because vulnerable WordPress plugins are common, it’s important to take as many precautions as possible with standard security practices, looking closely at what security plugins you have installed, and also generally maintaining your plugins in a responsible manner.
Follow Our Most Recommended WordPress Security Tips
These tips include making sure you update your plugins regularly. Updates for plugins often contain fixes for recently discovered vulnerabilities and updating them is an easy way to protect your site.
Utilize Our Recommended WordPress Security Plugins
The right security plugins can help protect your site from many types of malicious activities. There are even plugins, such as WordFence, that will scan your site for changes to both your WordPress core files and your plugins’ source code.
Practice Plugin Responsibility
The first part of plugin responsibility is to update, update, update! Enabling automatic background update for WordPress Core will allow it to automatically update whenever a new release is available, minimizing the risk of vulnerabilities. Of course, we’ve mentioned using updated plugins and themes to minimize risk. It may also help to regularly check this updated list of known WordPress vulnerabilities to keep you aware of any known issues. Lastly, practicing proper plugin responsibility means only downloading plugins from reputable sources or with high user ratings, and deleting any unused plugins from your WordPress. Code from inactive plugins can still be hacked!
While third-party plugins come with a certain amount of risk, these simple steps will help you protect your site from attacks. Third-party plugins and custom modifications are not covered with our fully managed Heroic Support®, but our team will provide Best Effort Support for those and other issues. As always, our Heroic Support® is here to help, 24/7/365.
Want WordPress without the hassle? Check out WordPress Without Limits, a managed WordPress solution, with one-click staging, one-click backup restoration, automatic updates, automatic backups, and free SSL.