Categories
Website Plugin Updates - WordPress Management Services - Episode 94
Estimated Reading Time: 5 minutes

WordPress Plugin Exploits – How Do We Detect Them?

Table of Contents
    Add a header to begin generating the table of contents

    One of the beautiful things about WordPress is that you can add in plugins to handle specific tasks that you want to do. Rather than the core software being bloated for every possible scenario; shopping carts, galleries, auctions, team bio, event planning, etc., WordPress is designed so that you get to pick and choose what you want, when you want it.

    The downfall of this system however is that a different author creates every item you want to use, and over time, those authors may get bored of their plugin and no longer update it. In many situations, the plugin was FREE to use, and the authors just stop responding. Sometimes the community jumps on this and proclaims, “you get what you paid for,” and while we can somewhat agree, it’s never fun to have something just no longer work overnight.

    Plugin exploits happen all the time, it’s just part of how software evolves, but more often than not, it’s the website owners that failed to update the plugin to the latest branch that left their website vulnerable to begin with.

    This week, Conor and Kimberly dive into some recent plugin exploits, where to get information on potential exploits, and how you can mitigate things before it gets too bad.

    Check out the video from a recent Facebook Live. Don’t forget to subscribe to the YouTube channel for more videos, and of course, check out our Facebook page so you can be alerted each week when we go live with another installment (currently Fridays at 1pm Central Time)

    Want to skip around the video?

    1:00 – if you’re looking to get into Facebook Live and videos etc, there’s a lot of work, but it’s worth it!
    4:35 – We’re talking about plugins today, and specifically WordPress plugins. WordPress plays well with SEO which is why we use it so much
    5:50 – Test your plugins, but remove the ones that don’t work. They can slow your site, and make it vulnerable, even if not active
    7:35 – Generate your backups, and update your plugins. If you don’t upgrade, you leave things vulnerable
    8:20 – What are plugins? WordPress is the core software, each additional “feature” is usually considered a plugin. Shopping carts, galleries, etc
    9:23 – When a plugin is not active, that just means WordPress isn’t using it. But since the files exist on the server, you can potentially exploit the site
    10:20 – Pay attention to sliders and moving features. Each of those load a jQuery file, and many times people load multiple sliding banners and that means the same jQuery file has to be loaded several times – each one leading to a slowdown on the site
    12:05 – don’t be afraid to reach out to plugin developers to request features or ask questions about why something might slow down something else
    13:30 – There were 3 major exploits released
    – “Duplicator 1.3.28 and less is exploitable” – over 1 million installations
    – “EZ Property Listings”
    – “WP-Central” is a control panel to allow designers to access sites (WP-Central 1.5.1 and lower is exploitable)
    15:18 – We perform plugin management for clients. If you need routine updates or one-off, let us know
    16:00 – if you update plugins yourself, generate backups. Here are the plugin update steps we recommend – do them individually
    17:25 – WordPress and websites should be updated regularly. It’s just like changing the oil in a car. Do it on a regular basis.
    18:00 – Run your updates on a staging site when possible, or run updates in separate folders or accounts. It’s time-consuming, but it’s your best option!
    19:55 – How do you find out about plugin updates? We use a few sites
    – Wordfence monitors plugins along with a firewall etc. We strongly recommend it.
    – Sucuri – Website Security, Plugin Monitoring
    – WPvulndb – WordPress Vulnerability Database – They monitor potential exploits
    23:20 – Keep a Google Doc file of all plugins you installed and keep a list of when various versions were updated. It will help your designer later if there’s a hack
    25:40 – if your website does get hacked, do not go in and start deleting files or updating plugins. Reach out to us and we can assist.
    27:00 – To determine if a plugin is worth installing or if it can be trusted, check the reviews at WordPress Plugin’s site, see how the support is being answered. If there’s no new support responses or lack of updates, we’d normally recommend staying away from the plugin.

    Join Us Each Week For A New Facebook Live

    Every week, Conor & Kimberly have a Facebook Live that is open to everyone. We usually have a topic pre-planned, but we’re always open to new discussions during the broadcast! 

    If you have a topic that you’d like us to cover, drop us a note and we’ll do our best to get it added to the schedule!

    Share this post

    Check Out These Other Articles
    Mobile Web Design for Businesses in 2016 and Beyond

    Mobile web design is no longer something that’s optional for Omaha businesses. The reason that this type of web design has become a necessity and will remain that way for the foreseeable future is many people now use mobile devices like phones or tablets as their main way to get online. It’s not uncommon for websites to get more than half of all their traffic from those types of devices.

    Read More »
    The Magic ‘Tricks’ of Web Design, Part 1

    What if our web design team at Big Red SEO told you there was a set of magic rules to designing websites, and that simply by following them to the letter you could drastically increase your conversions? Well, that’s not too far from the truth. While we aren’t talking incantations or pulling rabbits out of hats here, our Omaha web design and SEO team here at Big Red SEO wants to let you in on some time-tested design secrets that work like magic to improve the look and end-user experience of your websites, all with the potential to boost your

    Read More »
    Categories