WordPress is the most widely used CMS (content management system) in the world. The reason? Flexibility and community support. The platform allows full customization and is backed by a community of support and innovation like no other. Developers are constantly publishing new plugins that add functionality to almost any site. WordPress started as a blogging platform, but thanks to the community of developers that has flocked to it in recent years, it has grown far beyond what anyone at WordPress could ever have imagined. WordPress currently makes up approximately 25.4% of all websites online, including everything from news sites, company sites, and magazines to social networks, sports sites, and more.
Why Is It Vulnerable?
The fact that WordPress is so popular makes it a very valuable target for hackers. If they are able to exploit a weakness in one site, they can exploit it in millions of sites. A few months ago we published a post about making sure your WordPress core code is up to date; today we will discuss why you need to make sure your plugin code is up to date.
A single outdated plugin with known security flaws can allow hackers into your site. They can exploit the flaw and gain access to your files using either an LFI (Local File Inclusion) attack or a web shell attack, which gives the hacker remote access to your entire website and allows them to take and change whatever they please. Obviously, this is a problem. A hacked website can lead to loss of records, rankings, or worse.
A plugin is considered outdated, and therefore vulnerable, when its publisher stops releasing updates for it or when your installed copy has not been updated to the latest version. Before installing a plugin on your website, look at the publisher's record for maintaining their plugins.
Some very popular tools that monitor WordPress for vulnerabilities are Sucuri/iThemes and WordFence. These two companies provide the following statistics:
- 55.9% of WordPress site hacks are through plugins
- 38.77% of WordFence’s 1.5 million clients received hack attempts last week
- 20,644,496 attacks were blocked by WordFence last week
- iThemes uses Sucuri to mitigate an average of 1.5 potential attacks per minute
What You Can Do
As a website owner, the best thing you can do is make sure your plugins are always up to date. The longer they remain outdated, the longer your website is vulnerable. Review your WordPress dashboard frequently to ensure that both the core and all plugins are up to date.
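The two conditions described above (an update is available but not installed, or the publisher has stopped releasing updates) can be checked from a plugin inventory. This Python sketch is an added example, not part of the original post or of any vendor's tooling; it assumes the inventory has the shape of WP-CLI's `wp plugin list --format=json` output, and the plugin names, release dates, and two-year staleness threshold are constructed assumptions.

```python
import json
from datetime import date

# Constructed sample shaped like `wp plugin list --format=json` (not a real site).
SAMPLE_WP_CLI_JSON = """[
  {"name": "contact-form-example", "status": "active", "update": "available", "version": "4.1"},
  {"name": "gallery-example", "status": "inactive", "update": "none", "version": "2.0.3"},
  {"name": "seo-example", "status": "active", "update": "none", "version": "9.8"}
]"""

# Constructed last-release dates; in practice read from each plugin's directory listing.
SAMPLE_LAST_RELEASE = {
    "contact-form-example": date(2024, 5, 2),
    "gallery-example": date(2019, 1, 15),
    "seo-example": date(2024, 6, 20),
}

STALE_AFTER_DAYS = 730  # assumption: no release in two years means unmaintained


def audit_plugins(wp_cli_json, last_release, today, stale_after_days=STALE_AFTER_DAYS):
    """Return {plugin name: [reasons]} for every plugin that needs attention."""
    findings = {}
    for plugin in json.loads(wp_cli_json):
        name = plugin["name"]
        reasons = []
        # Condition 1: a newer version exists but has not been installed.
        if plugin.get("update") == "available":
            reasons.append("update available (installed %s)" % plugin.get("version"))
        # Condition 2: the publisher appears to have stopped releasing updates.
        released = last_release.get(name)
        if released is None:
            reasons.append("no release date on record")
        elif (today - released).days > stale_after_days:
            reasons.append("no release since %s" % released.isoformat())
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    report = audit_plugins(SAMPLE_WP_CLI_JSON, SAMPLE_LAST_RELEASE, date(2024, 7, 1))
    for name, reasons in report.items():
        print(name + ": " + "; ".join(reasons))
```

A plugin that reports no pending update can still be flagged: an abandoned plugin never shows "update available", which is why the release-date check is separate.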
NetClimber is proud to offer our proactive maintenance package, which keeps all plugins and WordPress Core up to date and includes brute-force protection, file-change detection, and a host of other options to keep your website safe and secure!
Learn more about how attackers gain access to WordPress websites.
See the top 50 most attacked plugins according to WordFence data.