Insecure plugins in WordPress cause problems

Insecure plugins in WordPress cause problems
datum-geschreven 21 Sep 2023

How can a plugin become insecure?

  1. When it hasn’t been updated by the developer for more than 2 years.
    bijwerken plugin
  2. If the developer doesn’t have proper training and simply copies code from the internet to create a plugin.
  3. If input fields and search fields are not properly protected against injections.

The problems caused by insecure plugins

As mentioned in point 3, insecure plugins can be used to perform database injections. The database contains all your pages, news posts, and yes: the users and administrators of your website.
If there is access to the database, anything is possible, and the website is completely in the hands of the hacker.
Not only that, but the injections and modifications are done automatically by computers. Rapidly and with thousands of websites per day.

An insecure plugin is a ticking time bomb for your website.

How can you check if a plugin is secure?

  1. The website collects information about many plugins that have been known to have vulnerabilities. Check if your plugin is listed there.
  2. Check if your website has been injected using the Sucuri Malware Scanner.
  3. Use WPscan on Linux. This is quite complex, but if you have a highly important website, it is a step you should take to ensure security.


Try to use as few plugins as possible. Every plugin is a potential door for hackers and scripts that are eager to place links to their own website on yours.



De meeste artikelen worden geschreven door Mathieu Scholtes, de eigenaar van WPBeveiligen. Op de hoogte blijven van het laatste WordPress nieuws? WordPress tips? WordPress aanbiedingen?
Connect dan op Linked-in!

Heb je een vraag? Tip of gedachte? Deel die!

Breng me op de hoogte
0 Reacties
Inline Feedbacks
Bekijk alle reacties