WordPress is a common and well-known blogging platform, and WordPress plugins are just as common: they make a blogger's life easy because a plugin does the work fast and accurately and does not require much technical knowledge or skill. WordPress plugins are available for many purposes, such as tweaking your blog, SEO, social sharing and security. Many plugins exist to protect a WordPress blog and are usually called exactly that, plugins to secure WordPress, but these plugins themselves have several vulnerabilities, and they also play an important role in the compromise of WordPress blogs.
The point is simple: plugins can be very dangerous for the security of a WordPress blog. So what are the security risks, and how can an attacker take advantage of insecure WordPress plugins?
The biggest example is the TimThumb vulnerability. TimThumb is a script and plugin used to crop images, but it can also be used to hack into a website. There are many other techniques an attacker may use to break into a WordPress blog. For example, a malicious person creates a plugin that contains malware code and can easily hijack visitors' sessions; the attacker then uses social engineering and promotion techniques to push the plugin, and if thousands of unsuspecting bloggers install it on their blogs, their visitors can be redirected to a malicious website and fall victim to an iFrame injection attack.
Other points to consider:
Whenever you install a plugin, extra PHP code is inserted into the WordPress core files.
Extra plugins are a burden on administration and consume space.
An old plugin may cause compatibility problems with your current (latest) WordPress version, so the plugin may break and disclose sensitive information about the server.
Third-party plugins may pull data from a third-party website; suppose that website has been compromised and a worm spreads itself, then your website will be the next victim.
Automatic scanners and security plugins have their place, but manual review and a manual security checklist have their own importance and should not be neglected. Besides automatic scanning, review the security of your WordPress blog by hand, and do not forget to review the source code of the plugins. The main tips for staying safe from plugin risk are to be active in the plugin community, learn about the latest changes, and update a plugin whenever an update is available.