If you’ve been following the news, then you’re aware of the rash of vulnerable WordPress plugins that have recently been discovered. For example, previous versions of the WP Super Cache plugin were affected by a cross-site scripting (XSS) vulnerability that could provide potential attackers with access to your site. In addition, a few websites made the news after being hacked by members of the organized group of Islamic State sympathizers via a vulnerability in the FancyBox plugin. Another plugin, Yoast, was vulnerable to blind SQL injection attacks, which can lead to database breaches and possible exposure of confidential information.
In all cases, the affected plugins were quickly updated to eliminate the vulnerabilities, but the incidents bring to light a well-known issue. While one of the main advantages of WordPress Hosting is its extensibility through these third-party plugins, their nature and differing coding standards mean they come with inherent security risks. When third-party plugins interact with WordPress, vulnerabilities are often created that can allow a variety of attacks, like buffer overflow exploits or SQL injections. Because vulnerable WordPress plugins are common, it’s important to take as many precautions as possible: follow standard security practices, look closely at which security plugins you have installed, and maintain your plugins in a responsible manner.
Follow Our Most Recommended WordPress Security Tips
These tips include making sure you update your plugins regularly. Updates for plugins often contain fixes for recently discovered vulnerabilities, and installing them is an easy way to protect your site.
Utilize Our Recommended WordPress Security Plugins
The right security plugins can help protect your site from many types of malicious activities. There are even plugins, such as Wordfence, that will scan your site for changes to both your WordPress core files and your plugins’ source code.
Practice Plugin Responsibility
The first part of plugin responsibility is to update, update, update! Enabling automatic background updates for WordPress Core will allow it to update automatically whenever a new release is available, minimizing the risk of vulnerabilities. Of course, we’ve mentioned using updated plugins and themes to minimize risk. It may also help to regularly check this updated list of known WordPress vulnerabilities to keep you aware of any known issues. Lastly, practicing proper plugin responsibility means only downloading plugins from reputable sources or with high user ratings, and deleting any unused plugins from your WordPress installation. Code from inactive plugins can still be hacked!
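The update-and-prune routine above can be checked from the command line. The script below is an added example, not part of the original article or any vendor tooling: it assumes WP-CLI is installed and reads the CSV printed by `wp plugin list --fields=name,status,update,version --format=csv`; the plugin names in the sample inventory are constructed.

```shell
#!/usr/bin/env bash
# Added example: turn a WP-CLI plugin inventory into an action list.

# audit_plugins: reads the CSV inventory on stdin, prints one finding per line:
#   REMOVE <name> <version>   plugin is inactive (its code is still on disk)
#   UPDATE <name> <version>   plugin is in use and has an update available
audit_plugins() {
  awk -F, '
    NR == 1 { next }                  # skip the CSV header row
    NF < 4  { next }                  # ignore malformed rows
    $2 == "inactive"  { printf "REMOVE %s %s\n", $1, $4; next }
    $3 == "available" { printf "UPDATE %s %s\n", $1, $4 }
  '
}

# Constructed sample inventory (not taken from a real site).
sample_inventory() {
  cat <<'EOF'
name,status,update,version
example-cache,active,available,1.4.0
example-gallery,inactive,available,1.3.4
example-seo,active,none,2.0.1
example-forms,inactive,none,0.9.2
EOF
}

# On a host with WP-CLI and a WordPress install, audit the live site;
# otherwise fall back to the constructed sample so the script still runs.
if command -v wp >/dev/null 2>&1 && wp core is-installed 2>/dev/null; then
  wp plugin list --fields=name,status,update,version --format=csv | audit_plugins
else
  sample_inventory | audit_plugins
fi
```

Inactive plugins are reported for removal even when an update exists, since deleting unused code removes the exposure entirely rather than patching it.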
While third-party plugins come with a certain amount of risk, these simple steps will help you protect your site from attacks. Third-party plugins and custom modifications are not covered with our fully managed Heroic Support®, but our team will provide Beyond Scope Support for those and other issues. As always, our Heroic Support® is here to help, 24/7/365.