WordPress To Protect Millions Of Sites By Preventing Hackers Exploiting Vulnerable Out-Of-Date Plugins

By ISBuzz Team
Writer, Information Security Buzz | Mar 17, 2020 02:32 am PST

WordPress plugins pose one of the biggest threats to website security if they are not updated, and many site owners install themes and plugins and then forget to update them.

The WordPress development team is already working on adding an auto-update mechanism for themes and plugins, which are a common source of website hacks.

1 Expert Comment
Ilia Kolochenko, Founder and CEO
March 17, 2020 10:35 am

It is a long-awaited security improvement for WordPress’s ecosystem given that most of the incidents involving WP websites flow from vulnerable and outdated third-party code. I would, however, be cautiously optimistic unless this feature is enabled by default, as otherwise a considerable number of website owners will unwittingly or purposely ignore it, being anxious that automated updates can accidentally break something.

Moreover, one should bear in mind that many critical security flaws affecting the plugins, ranging from RCE to SQL injections, are commonly and aggressively exploited in the wild, while plugin developers are working on a security patch. Most of the plugin developers do not have a dedicated security team and release updates with a substantial delay, when most of the publicly exposed WP websites are already hacked and backdoored for further resale on the Dark Web marketplaces.

That being said, maintaining a basic set of web security hardening options, ranging from WP security plugins to properly configured CSP and WAF, is indispensable to preserve your WordPress website from a data breach.
