Protecting Against WordPress PlugIn Vulnerabilities
Open source is the greatest way to keep communication going in the tribe, but it needs to be done intelligently to stay safe. We’ve talked before about the state of Drupal security, and the great Drupal features attracting high-profile security sensitive clients like the White House and major media outlets.
A recent article by Alan Shimel on NetworkWorld.com examined some of the vulnerabilities present with WordPress plugins, and what site owners can do to protect their sites. Shimel cites a report by Checkmarx that found:
20% of the top 50 WordPress plugins were vulnerable to the most common web attacks
7 out of 10 of the most popular eCommerce plugins are vulnerable to attack, and
While all plugins updated their versions during the 6-month study, only 6 plugins were completely fixed
Shimel sees the current role of app stores as a major contributor to these problems because users think if an app passes an app store’s security tests, it must be safe for general use. Shimel writes, “The marketplace or app store has become a feature in so many places today. As consumers in these marketplaces, we tend to think that just because something has been approved for an app store or marketplace it must be safe. This report by Checkmarx shows once again that it isn't necessarily true."
To keep your WordPress site as secure as possible, Shimel suggests:
Only downloading plugins from reputable sources, which for WordPress users is WordPress.org.
Scan each plugin for security issues and to verify the security posture
Keep all plugins up to date
Remove unused plugins
Open source systems offer tremendous amounts of opportunity to site owners and content providers. They also offer amazing security, if used intelligently and appropriately. The Internet is like a jungle, and when you’re moving fast, sometimes it takes an experienced swinger to tell the difference between a vine and a snake. Follow these tips to help keep your WordPress site running safe and sound.