Plugins, the weakest link in WordPress

Plugins, the weakest link in WordPress
datum-geschreven 16 Oct 2023

WordPress takes security seriously, and the company behind WordPress, “Automattic,” regularly releases security updates. Since 2007, we have been working with WordPress, and we can say that WordPress has always been one of the safest Content Management Systems, and it still is.

However, not every corner of the WordPress world is sunny. With 48,000+ free plugins created by unknown companies and developers, there are also many vulnerable plugins that become the weak link in WordPress’s watertight system.

Here are a few examples of popular plugins that have had security issues:

  1. All in One SEO – Improves Google rankings (2 vulnerabilities in 2016)
  2. W3 Total Cache – Speeds up the website (8 vulnerabilities in 2016)
  3. Contact Form 7 – Creates easy-to-use contact forms (last 3 vulnerabilities in 2014)
  4. Advanced Custom Fields – Enhances WordPress for advanced business websites (2 vulnerabilities since 2014)
  5. Akismet – Prevents comment spam (last vulnerability in 2015)

These are just five random plugins, but at the time of writing, there are 5194 known WordPress core, plugin, and theme vulnerabilities.

1 or 2 vulnerable plugins on my site are not a problem, right?

You might think, “Who would try those vulnerable plugins on my website?!” But here’s the bad news: at least 30,000 to 50,000 computers are actively hacking and processing 1000 requests per minute! Fully automated!

30,000 computers x 1000 requests = 30,000,000 x 24 hours
That’s 43,200,000,000 hacking attempts per day.

This only refers to home hackers who use programs to search the internet (Google) for injecting plugins. If we add the scripts running through servers, you wouldn’t believe how many websites are attempted and successfully hacked daily (to show advertisements).

All that effort for a little advertisement?

Indeed, once a site is hacked, the hacker will only display advertisements.

Consider what that does when a hacker can place their product on thousands of sites weekly, and some people end up buying it. The hacker exploits the trust that these sites have built with their customers. When a customer buys a product from the hacker’s webshop, the hacker earns good money. Usually, these products are expensive, and there’s uncertainty about whether they’ll arrive. In short, there’s a lot of money to be made in a short time without much effort.

Preventing Hackers from Exploiting Your Website

This antivirus plugin is specially developed for WordPress. The plugin is fully in Dutch and gives you a great advantage over hackers.

The plugin blocks injections, protects your server, and shows you who is attempting to log in to your WordPress falsely. This antivirus plugin combats hackers in over 200 ways and blocks many of their attempts.

All our sites run with this antivirus plugin because we don’t give hackers a chance!

More Tips to Protect Against Hacks

  1. Install a good antivirus for your WordPress website.
  2. Keep your WordPress up-to-date.
  3. Do not install unnecessary plugins and remove inactive plugins.
  4. Ensure your server is up-to-date.
  5. Regularly check if everything is running smoothly using Sucuri.
  6. Check the plugins you use for known vulnerabilities.

De meeste artikelen worden geschreven door Mathieu Scholtes, de eigenaar van WPBeveiligen. Op de hoogte blijven van het laatste WordPress nieuws? WordPress tips? WordPress aanbiedingen?
Connect dan op Linked-in!

Heb je een vraag? Tip of gedachte? Deel die!

Breng me op de hoogte
0 Reacties
Inline Feedbacks
Bekijk alle reacties