WordPress plug-ins accountable for over 98% of vulnerabilities

If you own (or are part of) a website, a blog, or anything in between, chances are you have used WordPress at least once. Even the article that yours truly is typing right now is powered by WordPress.

And if you have indeed used WordPress, chances are you know about the plethora of third-party or user-created plug-ins that are easily available on the platform to make your website more interactive and easier to use.

However, not everything is as sweet as it seems: a report has revealed that almost 98% of all the vulnerabilities the platform is subject to (which is a large number in itself) result from these plug-ins.

Beware While Using Plug-ins

There are apparently two main reasons for the security issues arising from using WordPress plug-ins. The first is that the security protocol on the service might not be applicable to these third-party PHP libraries. The second is that the code that has gone into creating a plug-in is easily visible, and hackers, of course, are experts at decoding it.

What this implies is that users who rely on plug-ins are making their websites' code easily accessible, leaving them vulnerable to being hacked. The problem is aggravated because WordPress is open source, allowing hackers to detect the endpoint URLs and to know exactly how to inject unwanted scripts.

How Are You Affected?

Plug-ins can result in many different types of vulnerabilities, and some of these are described here. SQL injections are very common, since WordPress makes use of concatenation operators to bind values in SQL queries. Another type is File Exclusion Exploits, wherein hackers can inject malware directly into servers and hack them, posing a major danger. Brute Force Attacks are some of the simplest hacking techniques, where the hacker simply breaks into your account by guessing your username and password.
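To make the concatenation point concrete, here is an added example (not code from the report, from WordPress, or from any plug-in) that puts a concatenated query beside one that uses a bound parameter. The `subscribers` table, its rows and both function names are hypothetical, and PDO with in-memory SQLite stands in for the site database; in plug-in code the second form corresponds to building the query with `$wpdb->prepare()`.

```php
<?php
// Constructed demo data: an in-memory SQLite table standing in for a
// plug-in's own table. Table name and rows are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE subscribers (id INTEGER PRIMARY KEY, email TEXT, list TEXT)');
$pdo->exec("INSERT INTO subscribers (email, list) VALUES
    ('alice@example.test', 'news'),
    ('bob@example.test', 'news'),
    ('carol@example.test', 'staff')");

// Pattern the article describes: the request value is joined into the SQL
// text with the concatenation operator, so quotes in the value become SQL.
function emails_concatenated(PDO $pdo, string $list): array
{
    $sql = "SELECT email FROM subscribers WHERE list = '" . $list . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: the SQL text is fixed and the value is sent separately as
// a bound parameter, so it is only ever compared as data.
function emails_bound(PDO $pdo, string $list): array
{
    $stmt = $pdo->prepare('SELECT email FROM subscribers WHERE list = ?');
    $stmt->execute([$list]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: an ordinary list name, and one containing a quote
// that changes the WHERE clause when it is concatenated.
$inputs = ['news', "news' OR '1'='1"];
foreach ($inputs as $input) {
    printf("input: %s\n", $input);
    printf("  concatenated: %d row(s)\n", count(emails_concatenated($pdo, $input)));
    printf("  bound:        %d row(s)\n", count(emails_bound($pdo, $input)));
}
```

When reviewing a plug-in, any query assembled like the first function from request data is the pattern to flag and rewrite in the second form.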


While no fool-proof tech is currently available to block out all vulnerabilities, one can always ensure that they use only the updated versions of the plug-ins, and only from authentic sources. Additionally, many third-party solutions are available to keep these vulnerabilities at bay, from Bluetooth to Pantheon.