Website Plugin Updates - WordPress Management Services - Episode 94

WordPress Plugin Exploits – How Do We Detect Them?

One of the beautiful things about WordPress is that you can add in plugins to handle specific tasks that you want to do. Rather than the core software being bloated for every possible scenario; shopping carts, galleries, auctions, team bio, event planning, etc., WordPress is designed so that you get to pick and choose what you want, when you want it.

The downfall of this system however is that a different author creates every item you want to use, and over time, those authors may get bored of their plugin and no longer update it. In many situations, the plugin was FREE to use, and the authors just stop responding. Sometimes the community jumps on this and proclaims, “you get what you paid for,” and while we can somewhat agree, it’s never fun to have something just no longer work overnight.

Plugin exploits happen all the time, it’s just part of how software evolves, but more often than not, it’s the website owners that failed to update the plugin to the latest branch that left their website vulnerable to begin with.

This week, Conor and Kimberly dive into some recent plugin exploits, where to get information on potential exploits, and how you can mitigate things before it gets too bad.

Check out the video from a recent Facebook Live. Don’t forget to subscribe to the YouTube channel for more videos, and of course, check out our Facebook page so you can be alerted each week when we go live with another installment (currently Fridays at 1pm Central Time)

Want to skip around the video?

1:00 – if you’re looking to get into Facebook Live and videos etc, there’s a lot of work, but it’s worth it!
4:35 – We’re talking about plugins today, and specifically WordPress plugins. WordPress plays well with SEO which is why we use it so much
5:50 – Test your plugins, but remove the ones that don’t work. They can slow your site, and make it vulnerable, even if not active
7:35 – Generate your backups, and update your plugins. If you don’t upgrade, you leave things vulnerable
8:20 – What are plugins? WordPress is the core software, each additional “feature” is usually considered a plugin. Shopping carts, galleries, etc
9:23 – When a plugin is not active, that just means WordPress isn’t using it. But since the files exist on the server, you can potentially exploit the site
10:20 – Pay attention to sliders and moving features. Each of those load a jQuery file, and many times people load multiple sliding banners and that means the same jQuery file has to be loaded several times – each one leading to a slowdown on the site
12:05 – don’t be afraid to reach out to plugin developers to request features or ask questions about why something might slow down something else
13:30 – There were 3 major exploits released
– “Duplicator 1.3.28 and less is exploitable” – over 1 million installations
– “EZ Property Listings”
– “WP-Central” is a control panel to allow designers to access sites (WP-Central 1.5.1 and lower is exploitable)
15:18 – We perform plugin management for clients. If you need routine updates or one-off, let us know
16:00 – if you update plugins yourself, generate backups. Here are the plugin update steps we recommend – do them individually
17:25 – WordPress and websites should be updated regularly. It’s just like changing the oil in a car. Do it on a regular basis.
18:00 – Run your updates on a staging site when possible, or run updates in separate folders or accounts. It’s time-consuming, but it’s your best option!
19:55 – How do you find out about plugin updates? We use a few sites
– Wordfence monitors plugins along with a firewall etc. We strongly recommend it.
– Sucuri – Website Security, Plugin Monitoring
– WPvulndb – WordPress Vulnerability Database – They monitor potential exploits
23:20 – Keep a Google Doc file of all plugins you installed and keep a list of when various versions were updated. It will help your designer later if there’s a hack
25:40 – if your website does get hacked, do not go in and start deleting files or updating plugins. Reach out to us and we can assist.
27:00 – To determine if a plugin is worth installing or if it can be trusted, check the reviews at WordPress Plugin’s site, see how the support is being answered. If there’s no new support responses or lack of updates, we’d normally recommend staying away from the plugin.

Join Us Each Week For A New Facebook Live

Every week, Conor & Kimberly have a Facebook Live that is open to everyone. We usually have a topic pre-planned, but we’re always open to new discussions during the broadcast! 

If you have a topic that you’d like us to cover, drop us a note and we’ll do our best to get it added to the schedule!

Share this post

Share on facebook
Share on twitter
Share on linkedin
Share on pinterest
Share on print
Share on email
Check Out These Other Articles
New Features in Google My Business

New Features And Attributes in Google My Business

This week, Google released a few new attributes that can be used in Google My Business (GMB) listings. Now, along with your map, hours of operation, pictures and other information, you can show additional attributes such as Women-Led, Veteran-Led, Online Classes, Online Estimates, Dine-In, Curbside Delivery and more. Watch this week’s video, or read the post for more information on the new features available for your GMB account.

The Blog to End All Blogs: Part 3, The Long Game

It’s been shown that readers of blogs make quick decisions about what to read based on the title and first few lines—with hundreds of new articles being posted every day, readers pretty much have to make those kinds of decisions just to keep their heads above water. If you want to get their attention, you have to spend time thinking


Web Design Mistakes That Will Cost You Money

While appearance is important, a quality business web design is about much more than just aesthetics. Without a quality design that’s done right, Omaha businesses can miss out on new customers that come to their site. Because Big Red SEO specializes in both designing new business websites and redesigning existing websites, we know from firsthand experience the types of mistakes