Website Plugin Updates - WordPress Management Services - Episode 94
Estimated Reading Time: 5 minutes

WordPress Plugin Exploits – How Do We Detect Them?

Table of Contents
    Add a header to begin generating the table of contents

    One of the beautiful things about WordPress is that you can add in plugins to handle specific tasks that you want to do. Rather than the core software being bloated for every possible scenario; shopping carts, galleries, auctions, team bio, event planning, etc., WordPress is designed so that you get to pick and choose what you want, when you want it.

    The downfall of this system however is that a different author creates every item you want to use, and over time, those authors may get bored of their plugin and no longer update it. In many situations, the plugin was FREE to use, and the authors just stop responding. Sometimes the community jumps on this and proclaims, “you get what you paid for,” and while we can somewhat agree, it’s never fun to have something just no longer work overnight.

    Plugin exploits happen all the time, it’s just part of how software evolves, but more often than not, it’s the website owners that failed to update the plugin to the latest branch that left their website vulnerable to begin with.

    This week, Conor and Kimberly dive into some recent plugin exploits, where to get information on potential exploits, and how you can mitigate things before it gets too bad.

    Check out the video from a recent Facebook Live. Don’t forget to subscribe to the YouTube channel for more videos, and of course, check out our Facebook page so you can be alerted each week when we go live with another installment (currently Fridays at 1pm Central Time)

    Want to skip around the video?

    1:00 – if you’re looking to get into Facebook Live and videos etc, there’s a lot of work, but it’s worth it!
    4:35 – We’re talking about plugins today, and specifically WordPress plugins. WordPress plays well with SEO which is why we use it so much
    5:50 – Test your plugins, but remove the ones that don’t work. They can slow your site, and make it vulnerable, even if not active
    7:35 – Generate your backups, and update your plugins. If you don’t upgrade, you leave things vulnerable
    8:20 – What are plugins? WordPress is the core software, each additional “feature” is usually considered a plugin. Shopping carts, galleries, etc
    9:23 – When a plugin is not active, that just means WordPress isn’t using it. But since the files exist on the server, you can potentially exploit the site
    10:20 – Pay attention to sliders and moving features. Each of those load a jQuery file, and many times people load multiple sliding banners and that means the same jQuery file has to be loaded several times – each one leading to a slowdown on the site
    12:05 – don’t be afraid to reach out to plugin developers to request features or ask questions about why something might slow down something else
    13:30 – There were 3 major exploits released
    – “Duplicator 1.3.28 and less is exploitable” – over 1 million installations
    – “EZ Property Listings”
    – “WP-Central” is a control panel to allow designers to access sites (WP-Central 1.5.1 and lower is exploitable)
    15:18 – We perform plugin management for clients. If you need routine updates or one-off, let us know
    16:00 – if you update plugins yourself, generate backups. Here are the plugin update steps we recommend – do them individually
    17:25 – WordPress and websites should be updated regularly. It’s just like changing the oil in a car. Do it on a regular basis.
    18:00 – Run your updates on a staging site when possible, or run updates in separate folders or accounts. It’s time-consuming, but it’s your best option!
    19:55 – How do you find out about plugin updates? We use a few sites
    – Wordfence monitors plugins along with a firewall etc. We strongly recommend it.
    – Sucuri – Website Security, Plugin Monitoring
    – WPvulndb – WordPress Vulnerability Database – They monitor potential exploits
    23:20 – Keep a Google Doc file of all plugins you installed and keep a list of when various versions were updated. It will help your designer later if there’s a hack
    25:40 – if your website does get hacked, do not go in and start deleting files or updating plugins. Reach out to us and we can assist.
    27:00 – To determine if a plugin is worth installing or if it can be trusted, check the reviews at WordPress Plugin’s site, see how the support is being answered. If there’s no new support responses or lack of updates, we’d normally recommend staying away from the plugin.

    Join Us Each Week For A New Facebook Live

    Every week, Conor & Kimberly have a Facebook Live that is open to everyone. We usually have a topic pre-planned, but we’re always open to new discussions during the broadcast! 

    If you have a topic that you’d like us to cover, drop us a note and we’ll do our best to get it added to the schedule!

    Share this post

    Check Out These Other Articles
    Web Design Mistakes That Will Cost You Money

    While appearance is important, a quality business web design is about much more than just aesthetics. Without a quality design that’s done right, Omaha businesses can miss out on new customers that come to their site. Because Big Red SEO specializes in both designing new business websites and redesigning existing websites, we know from firsthand

    Read More »
    Time To Update Your Website at Big Red SEO Omaha
    The Right Time for a New Omaha Web Design

    Most Omaha business owners are aware that the Internet can help them market their business and bring in new customers. Because of this, an Omaha business may already have some kind of website. However, the business may be unhappy with the lack of results the site is driving. If this sounds similar to the position

    Read More »
    I Don’t Have to Outrun the Lion; Only You!

    There’s an old joke about two guys who are walking through an African game reserve when they stumble upon a lion. One of the men calmly puts down his backpack and then takes off running. The other man yells, “You’ll never outrun that lion!” to which the other man responds, “I don’t need to outrun

    Read More »