WordPress To Protect Millions Of Sites By Preventing Hackers Exploiting Vulnerable Out-Of-Date Plugins

WordPress plugins pose one of the biggest threats to website security if they are not updated, and many site owners install themes and plugins and then forget to update them.

The WordPress development team is already working on adding an auto-update mechanism to themes and plugins, a common source of website hacks.

1 Expert Comment
Ilia Kolochenko, Founder and CEO
InfoSec Expert
March 17, 2020 10:35 am

It is a long-awaited security improvement for WordPress’s ecosystem given that most of the incidents involving WP websites flow from vulnerable and outdated third-party code. I would, however, be cautiously optimistic unless this feature is enabled by default, as otherwise a considerable number of website owners will unwittingly or purposely ignore it, being anxious that automated updates can accidentally break something.

Moreover, one should bear in mind that many critical security flaws affecting the plugins, ranging from RCE to SQL injections, are commonly and aggressively exploited in the wild, while plugin developers are working on a security patch. Most of the plugin developers do not have a dedicated security team and release updates with a substantial delay, when most of the publicly exposed WP websites are already hacked and backdoored for further resale on the Dark Web marketplaces.

That being said, maintaining a basic set of web security hardening options, ranging from WP security plugins to properly configured CSP and WAF, is indispensable to preserve your WordPress website from a data breach.

Information Security Buzz