
WordPress Security: Secure Your Plugins

Users of WordPress have noticed a weak point in the security of the most popular CMS in the world.

Currently, there is no way to be directly alerted through the repository that the plugins you are using have been flagged as unsafe to use. This means that hackers might have an easier time breaking into a larger number of sites through insecure and unchecked plugins.

There is no way for someone using a plugin to be alerted that their plugin has been compromised. This puts users of compromised plugins at potential risk.

More and more WordPress users are urging the developers of WordPress to turn their attention to the weakness, but things have been “in the works” for quite some time. This weak point is something that should be addressed.

But for now, this is a weak link in the WordPress security chain.

What can be done?

There are currently other plugins, such as the “No Longer in Directory” plugin. This plugin is fairly simple: it scans the plugins you currently have on your WordPress site and compares them against the repository's list. It also scans for plugins that have returned after being removed.

Unfortunately, this plugin is not automatic, meaning you must manually run the check in order to detect any new problems on your site.

There are other plugins that will alert a user when a plugin has gone unmaintained but has not been reported. These unmaintained plugins carry a higher security risk. They might also make your site unstable if they are not designed for your current version of WordPress. So it is important to be aware of unmaintained plugins as well.

Why are plugins removed from the Repository?

Plugins can be removed from the repository for a variety of reasons. The most important reason is that the plugin has proven to create a security vulnerability for its users. Here is a list of other possible reasons for plugins being removed:

  • they are found to break the GPL
  • they are found to break the directory rules
  • other plugins by the author are found to be a problem and all are removed pending investigation
  • the author asks for it to be closed
  • the author asks for it to be closed because they are re-releasing under a different name
  • it is being investigated after non-specific complaints

How often should you check?

The more frequently you check for insecure plugins, the better! Since hackers have been known to attack at any hour, there is no such thing as an inappropriate time for a safety check.
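The manual check described above can be scheduled instead of run by hand. The script below is an added example, not code from the “No Longer in Directory” plugin or from WordPress: it lists the installed plugin folders, asks the WordPress.org plugin directory about each one, and reports plugins that are closed, missing from the directory, or not updated within two years. The API endpoint, the JSON field names (`error`, `closed`, `last_updated`), the two-year threshold and the `demo-*` sample answers are assumptions made for this example.

```python
import json, sys, urllib.error, urllib.parse, urllib.request
from datetime import date
from pathlib import Path
# Assumption: WordPress.org plugin-information endpoint and its JSON field names.
API = "https://api.wordpress.org/plugins/info/1.2/"
# Constructed sample answers (not real plugins), used when no path is given.
SAMPLE = {"demo-closed": {"error": "closed", "closed": True},
          "demo-missing": {"error": "Plugin not found."},
          "demo-stale": {"last_updated": "2011-03-02 9:15pm GMT"},
          "demo-fresh": {"last_updated": "2015-01-20 8:00am GMT"}}

def installed_slugs(plugins_dir):
    """Treat each sub-directory of wp-content/plugins as one plugin slug."""
    return sorted(p.name for p in Path(plugins_dir).iterdir() if p.is_dir())

def fetch_info(slug):
    """Return the directory's JSON answer for a slug, error bodies included."""
    query = urllib.parse.urlencode({"action": "plugin_information", "request[slug]": slug})
    try:
        with urllib.request.urlopen(f"{API}?{query}", timeout=15) as resp:
            body = resp.read()
    except urllib.error.HTTPError as err:  # closed or unknown slug: non-200 reply
        body = err.read()
    try:
        return json.loads(body)
    except ValueError:
        return {}  # unparseable reply ends up classified as "unknown"

def classify(info, today, max_age_days=730):
    """Map one answer to closed, not_in_directory, unmaintained, unknown or ok."""
    if info.get("closed") or info.get("error") == "closed":
        return "closed"
    if "error" in info:
        return "not_in_directory"
    try:  # last_updated is expected to start with YYYY-MM-DD
        age = (today - date.fromisoformat(str(info.get("last_updated"))[:10])).days
    except ValueError:
        return "unknown"
    return "unmaintained" if age > max_age_days else "ok"

def audit(slugs, lookup, today):
    """Return {slug: status} for every plugin whose status is not 'ok'."""
    statuses = {s: classify(lookup(s), today) for s in slugs}
    return {s: st for s, st in statuses.items() if st != "ok"}

if __name__ == "__main__":  # path argument: live audit; none: constructed demo
    found = (audit(installed_slugs(sys.argv[1]), fetch_info, date.today())
             if len(sys.argv) > 1 else audit(SAMPLE, SAMPLE.get, date(2015, 6, 1)))
    for slug, st in found.items():  # silent when clean, so cron mails only findings
        print(f"{st}\t{slug}")
```

Custom or commercial plugins that were never hosted in the directory also show up as `not_in_directory`, so keep a list of those you expect and review only the rest.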

About Tyler Weber
Tyler is a graduate of Bethel University and was added as the Director of Public Relations in 2013. With a background in Non-Profit and Public Relations, Tyler enjoys refining his communication skills while working toward a “Big-Picture” purpose. In addition to staying on the cutting edge of communication, he does his best to see the person in every interaction. If you were to sit and have a conversation with him you would likely discuss a variety of diverse topics from tattoos to your ideal super power. You can follow Tyler at Google+


Copyright © 2015 by Digital Solutions, Inc All Rights Reserved. - Digital Solutions, Inc - 1313 Chestnut Ave Ste 200 - Minneapolis, MN 55403 - (952) 703-3996