The Plugin Episode and the Path Ahead
WordPress, the most popular CMS of all time, has a user base that anyone would envy. But wide reach brings wider monitoring needs too. The people who use WordPress the most are bloggers, who are non-technical people. There is an extension for any need they have, but are all of them trustworthy? It is a known fact that 30% of WordPress plugins are developed by third parties. Most of the time, people tend to go with an extension provided by the company that owns the platform. Because third-party extensions are so abundant, quite a few low-value ones have also made their way into the library. In 2011, it was found that more than 3500 WordPress plugins were not updated. This is a very serious issue, as all of these are quite prone to virus or malware attacks. They are also not compatible with the latest version of WordPress, which makes them useless and fills the library with useless options.
What kinds of vulnerabilities you might face
When using plugins, you might suffer various kinds of breakdowns if the company that developed the plugin is not authentic. A chart shared by whitefiredesign shows some of the major vulnerabilities found in plugins, such as reflected cross-site scripting (XSS), which makes up 30% of the whole list. There is also unrestricted file upload with a 22% share and directory traversal with 8%. Other issues include remote file inclusion, SQL injection, information disclosure, persistent cross-site scripting, etc.
Taking all kinds of vulnerabilities together, you face almost 400 security issues. According to the National Vulnerability Database, 40% (159 issues) are associated with plugin bugs and 32% (129) with core bugs. The remaining 28% (112) come from all over the field.
When you hire a WordPress developer, make sure that he knows everything about keeping the WordPress site or blog secure using his technical knowledge. Otherwise, you will end up spending more on fixing security breaches than on adding value to your site or blog.
A few plugins for better security
With so many people using WordPress, it is often the target of hackers, as they can affect the maximum number of users associated with any site. To tackle such nuisances, you must consider using security plugins for WordPress. Here are the top five for you:
1. BulletProof Security: This free plugin has been downloaded more than 1.1 million times. Users have given it 4.8 stars out of 5. It uses .htaccess to keep files like wp-config.php and php.ini secure from any kind of threat. It also stops any kind of code and SQL injection.
2. Acunetix WP Security Scan: It is best known for scanning your site and checking how secure it is. If it finds an issue, it tells you how to fix it. It has been downloaded 1.3 million times and has a star rating of 3.4.
3. Sucuri Security – SiteCheck Malware Scanner: This is a malware scanner, and it also works well for cleaning all the malware from your blog.
4. iThemes Security: This was previously known as Better WP Security, and is the most popular of them all. Its features are almost the same as those of the plugins discussed above. It has been downloaded 2.3 million times and takes pride in its star rating of 4.7.
5. Wordfence: It offers you a map that shows real-time attacks on your WordPress blog or site. It helps by instantly blocking these attacks, thus keeping your site secure.
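Item 1 describes protecting wp-config.php and php.ini through .htaccess. The script below is an added example, not code from any of the plugins listed, that checks whether an .htaccess file actually places those two files inside a deny-all section. The function names and both sample rule sets are constructed for illustration; the directives are standard Apache 2.2 and 2.4 syntax.

```python
import re
from fnmatch import fnmatchcase

# Files the list above says are kept safe through .htaccess.
SENSITIVE = ("wp-config.php", "php.ini")

# Deny-all directives: Apache 2.4 syntax and the legacy 2.2 syntax.
DENY_RE = re.compile(r"^\s*(require\s+all\s+denied|deny\s+from\s+all)\s*$", re.I | re.M)
# <Files name> and <FilesMatch "regex"> sections, captured with their bodies.
# The "<Files ~ regex>" form is not parsed and is therefore reported as unprotected.
SECTION_RE = re.compile(r'<(Files|FilesMatch)\s+"?([^">]+)"?\s*>(.*?)</\1\s*>', re.I | re.S)

def strip_comments(text):
    """Drop comment lines so a commented-out rule is not counted."""
    return "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))

def protected_files(htaccess_text, names=SENSITIVE):
    """Return {filename: True/False}: is the file inside a deny-all section?

    Heuristic only: Allow/Require exceptions inside a section are not evaluated.
    """
    covered = dict.fromkeys(names, False)
    for kind, pattern, body in SECTION_RE.findall(strip_comments(htaccess_text)):
        if not DENY_RE.search(body):
            continue  # section exists but does not deny access
        pattern = pattern.strip()
        for name in names:
            if kind.lower() == "filesmatch":
                hit = re.search(pattern, name) is not None
            else:
                hit = fnmatchcase(name, pattern)  # <Files> accepts ? and * wildcards
            covered[name] = covered[name] or hit
    return covered

# Constructed sample: only wp-config.php is covered (legacy 2.2 directives).
WEAK = r"""
<Files wp-config.php>
Order allow,deny
Deny from all
</Files>
"""

# Constructed sample: both files covered (Apache 2.4 directive).
HARDENED = r"""
<FilesMatch "^(wp-config\.php|php\.ini)$">
Require all denied
</FilesMatch>
"""

if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, protected_files(text))
```

A php.ini rule only matters when that file sits under the web root; a result of False for it on a host that keeps php.ini elsewhere is not a finding.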
Do use WordPress, but never ignore the importance of security plugins. These plugins keep your efforts in place and let you concentrate on the core functional part.