- This topic has 1 reply, 1 voice, and was last updated 2 months, 3 weeks ago by Eric.
August 20, 2021 at 7:47 am #5404Roland WaddiloveKeymaster
Although WordPress has security issues from time to time, most security problems with websites stem from plugins. The severity of security flaws in plugins varies, but the worst ones can allow someone admin access or the ability to post any code on your site, even malware.
People worry about hackers and bots trying to log in, but really the login process is very secure. Forget logins, you should be concerned about plugin vulnerabilities.
You probably won’t hear about most of them. When security flaws are discovered in a plugin, the author fixes them and then issues an update. Often with no mention of the security flaw that was patched. This is why it is important to keep plugins up to date – you don’t know if an update is to fix a security flaw, so not updating a plugin can put your site at risk.
If you keep WordPress plugins updated, you are protected. Except, not all plugins are updated very quickly and some are never updated, so they continue to have security vulnerabilities and put your WordPress site at risk.
How do you know there is a security flaw in a plugin that has not been fixed? A good source of information is the iThemes Vulnerability Report. I tried the iThemes security plugin once and signed up to the email, so it lands in my inbox every week, but it can also be found on the iThemes Blog page. Just look for the WordPress Vulnerability Report.
Ignore all the plugins that have been fixed – if plugins are up to date, the security issues have been solved. Look for plugins that have not been fixed and for which there is no fix. If you are using one of them, your site can be hacked through them. The August 2021 Part 3 lists over 30 unfixed plugins. Are you using any?
Watch for future reports and check out some previous ones for more unfixed plugins with security problems.November 1, 2021 at 5:58 pm #5692Eric
- How do I figure out what plug-ins I have?