About WordPress Plugin Vulnerabilities and How to Address Them

You work hard to make your site awesome. And with all that work you put in, the last thing you want to do is lose your site to some malicious hacker. When it comes to hackers and WordPress, plugin vulnerabilities are one of the easiest ways for the bad guys to get in.

Thanks for reading this post and Brass Ring also thanks those whose content is shared here on our website. We present it in order to pass on their knowledge to our small business clients so it can help them remain informed, healthy and growing their businesses. Please bookmark our site, subscribe to our newsletter and come back for more marketing, small business & WordPress tips, advice, tools & news! - Edward A. Sanchez


Because of its popularity, WordPress is a magnet for hackers. According to Sucuri’s Q1 2016 Website Hacked Trend Report, 78% of the hacked websites they dealt with were running WordPress. And based on a survey from Wordfence, 55.9% of WordPress hacks with known entry points were a result of plugin vulnerabilities. This makes plugins by far the biggest known contributor to hacked WordPress sites.

In this post, I’ll take a good hard look at some proactive steps you can take to prevent your site from becoming vulnerable to plugin exploits.

Why Do Hackers Want Access to Your WordPress Site?

If you’ve never been hacked, you may wonder what it is that makes hackers so interested in your WordPress site. For me, it was so that they could redirect my visitors to sketchy pharmaceutical sites. But that’s not the only reason they might want in.

But before I get to those other reasons, let’s start with something to make you feel a little better. It’s probably not personal. Most hackers are simply trolling for known vulnerabilities. These are typically crimes of opportunity, not passion.

Once they find a vulnerable target, they pounce in a few ways:

  • Injecting links to artificially boost their sites’ SEO.
  • Redirecting your visitors to different sites. The nasty redirects don’t affect you – so you might never know until you see your stats disappear.
  • Installing malware on your visitors’ computers.
  • Stealing your server resources for spam emails, DDoS attacks, or other nefarious purposes.

You don’t have to be a victim, though. Shoring up plugins as a vulnerability vector, as well as implementing other basic WordPress security tips, can protect you from most of these attacks. And you can keep your site humming along smoothly.

How to Mitigate Security Issues With Plugins

While it’s always possible for something to slip through the cracks, following these plugin security best practices will go a long way toward keeping your WordPress site safe.

Read the rest of the article HERE on Elegant Themes blog

