{"id":6440,"date":"2017-05-08T16:08:28","date_gmt":"2017-05-08T13:08:28","guid":{"rendered":"https:\/\/themeisle.com\/blog\/?p=6440"},"modified":"2020-05-12T11:12:00","modified_gmt":"2020-05-12T11:12:00","slug":"wordpress-plugin-vulnerabilities","status":"publish","type":"post","link":"https:\/\/themeisle.com\/blog\/wordpress-plugin-vulnerabilities\/","title":{"rendered":"Stay Safe! WordPress Plugin Vulnerabilities, and How to Avoid Them"},"content":{"rendered":"

One of the reasons WordPress is so popular is the freedom it gives users to add any number of functions with the help of plugins. Users get to choose from close to 62,000+ plugins available for free in the WordPress plugin repository<\/a>. And that’s not even counting the many third-party free and premium plugins<\/a>.<\/p>\n\n\t\t

<\/div>\n\t\t\t
\n\t\t \t
\n\t\t \t\tAvoid vulnerabilities in #WordPress #plugins with these tips<\/a>\n\t\t \t<\/div>\n\t\t \t
\n\t\t \tClick To Tweet \n\t\t \t\t<\/span>\n\t\t \t<\/a>\n\t\t <\/div>\n\t\t<\/div>\n

But sometimes so much choice leads to potential issues. Rogue plugins, out-of-date plugins…all can provide a vector for hackers to gain access to your site. So to plug those potential holes, here are some tips to keep your site safe by eliminating WordPress plugin vulnerabilities as much as possible.<\/p>\n

Scan for WordPress plugin vulnerabilities<\/h2>\n

WPScan Vulnerability Database<\/a> is a good place to check if any plugin is a security threat. The service lists plugins and their known vulnerabilities. You can look up a plugin by name or filter all plugin vulnerabilities alphabetically. If you catch a given plugin in the list, first check the plugin’s listing page for an update. If there’s no update to patch the vulnerability, you should delete the plugin for the time being if at all possible.<\/p>\n

\"WPScan<\/p>\n

Another way to catch these threats in time is to subscribe to paid services like, the aptly named, Plugin Vulnerabilities<\/a>. You’ll gain access to always up-to-date data as these services continuously monitor security threats and hacking attempts. And if you’re using a plugin which is at risk, you’ll receive an email alert about it. Because you get the notification with this service, you’re much more likely to be able to act quickly.<\/p>\n

You can also detect these threats by running a scan on your website from time to time. A plugin like Wordfence<\/a> will not only scan all your installed plugins, it’ll also notify you of the more common security issues.<\/p>\n

As for the threats that surface subsequently, you can opt to receive alerts. New threats crop up almost on a daily basis as hackers try and target WordPress websites. For that reason, it’s important that you check for vulnerabilities frequently (or have a service do it for you).<\/p>\n

Choose the right plugins<\/h2>\n

No plugin is 100% safe. But you can significantly reduce WordPress plugin vulnerabilities by learning to assess and select quality plugins before installing them<\/a>. Pick plugins only from reputed marketplaces like CodeCanyon<\/a>, the WordPress Plugin repository<\/a>, or third-party stores that you trust. The WordPress repository vets each plugin before it’s available to the public and CodeCanyon also has its own review system in place.<\/p>\n

\"Code<\/p>\n

So, what should you check to figure out if a plugin is good to install? Start with:<\/p>\n