By allowing nearly endless levels of customization, plugins have become a key part of the modern website. No one knows this better than the WordPress content management system, which proudly boasts that it “runs 35 percent of the Internet” with a library of more than 50,000 unique plugins and pre-built themes.
Unfortunately, this customization can come at a cost. WordPress recently became the latest victim of a plugin attack, in which hackers exploited nearly a dozen vulnerable plugins to silently grant themselves administrator access, redirect website visitors, and prompt users to download malicious apps. This article explains how plugins can be exploited by hackers, who may then have free rein over your website and data.
How Hackers Abuse Plugins
Hackers are always on the lookout for the simplest way to penetrate a website’s security. Plugins, especially those that aren’t regularly updated or that were originally downloaded from a questionable source, can provide hackers with the cyber equivalent of an open window. Because plugins require a relatively small amount of code and are often open source, they can be an easy target for hackers who want to do a lot of damage to a website with minimal time and effort.
And while hackers can use plugins to infiltrate a website in just a few seconds, undoing this damage can be a long and monumental task. How can you protect yourself against plugin vulnerabilities?
Avoiding Plugin Breaches
Although no website owner is fully immune to plugin problems, there are a couple of things you can do to significantly reduce your risk.
The first is to commit to regularly updating your websites. It can be easy to let updates fall by the wayside, especially if you’re juggling multiple sites along with other commitments. But it’s a rare occasion when a plugin loophole isn’t quickly corrected by developers, sometimes within an hour or two of the initial breach—and by updating your plugins regularly, you’ll always have the benefit of the latest crowd-sourced defenses.
If you don’t feel like manually running updates or are afraid you’ll fall out of the habit in the future, you can easily schedule automatic updates that perform a top-to-bottom sweep of your entire site. FutureLink’s premium hosting security service provides a firewall, secure updates, backups, and malware detection that all serve to prevent and alert you to plugin breaches. Not all hosting services are the same, so be sure yours is capable of responding to the threat of hacked plugins.
Going forward, it’s important to live by the maxim, “you get what you pay for.” While there are thousands of high-quality free plugins, if you encounter a screaming deal on a plugin that normally costs money, you’re taking a major risk. These “free” plugins are often stolen from the original developer and infected with malware in the process. Don’t cut corners by downloading discount versions of popular plugins; while you may find what you’re looking for, these plugins can ultimately cost you your entire website.
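As an added example (not part of the original article or any hosting provider's tooling), the Python check below flags the two conditions discussed above: plugins with pending updates and administrator accounts nobody expected. It assumes its input is the JSON produced by WP-CLI's `wp plugin list --format=json` and `wp user list --role=administrator --format=json`; the sample data, the `EXPECTED_ADMINS` allowlist, and the function names are constructed for illustration.

```python
import json

# Constructed sample of `wp plugin list --format=json` output (not from a real site).
SAMPLE_PLUGINS = json.dumps([
    {"name": "example-forms", "status": "active", "update": "available", "version": "1.2.0"},
    {"name": "example-seo", "status": "active", "update": "none", "version": "4.1.3"},
    {"name": "example-gallery", "status": "inactive", "update": "available", "version": "0.9.1"},
])

# Constructed sample of `wp user list --role=administrator --format=json` output.
SAMPLE_ADMINS = json.dumps([
    {"ID": 1, "user_login": "siteowner", "user_email": "owner@example.com",
     "user_registered": "2019-03-02 10:15:00", "roles": "administrator"},
    {"ID": 57, "user_login": "wpsupport2", "user_email": "x@example.net",
     "user_registered": "2020-02-27 03:41:12", "roles": "administrator"},
])

# Assumption: the site owner maintains this list of accounts meant to be admins.
EXPECTED_ADMINS = {"siteowner"}


def outdated_plugins(plugins_json):
    """Return (name, version, status) for every plugin with a pending update."""
    return [(p["name"], p["version"], p["status"])
            for p in json.loads(plugins_json)
            if p.get("update") == "available"]


def unexpected_admins(admins_json, expected):
    """Return (login, registered) for admin accounts not on the expected list."""
    allowed = {e.lower() for e in expected}
    return [(u["user_login"], u["user_registered"])
            for u in json.loads(admins_json)
            if u["user_login"].lower() not in allowed]


def audit(plugins_json, admins_json, expected):
    """Build human-readable findings; an empty list means a clean run."""
    findings = [f"UPDATE PENDING: {n} {v} ({s})"
                for n, v, s in outdated_plugins(plugins_json)]
    findings += [f"UNEXPECTED ADMIN: {login} (registered {when})"
                 for login, when in unexpected_admins(admins_json, expected)]
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_PLUGINS, SAMPLE_ADMINS, EXPECTED_ADMINS):
        print(line)
```

Run on a schedule, a non-empty result is the signal to update or to investigate how the extra administrator account was created.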
If you’re not sure your plugins are as secure as they could be, there’s never been a better time to chat. In our 30-minute call, we’ll discuss some basic cybersecurity processes, our unique premium hosting security package, and any specific concerns you might have. Visit our website today to book your free consultation.