02 Jul Are you sure your wordpress website is protected?
Checkmarx, a company founded in 2006 that specializes in automated security code reviews has published a security vulnerability report on the top 50 plugins on the WordPress plugin repository. In the report published on June 18th, 2013 Checkmarx concluded that more than 20% of the 50 most popular WordPress plugins were vulnerable to common web attacks such as SQL injection. Furthermore, the report revealed that 7 out of the 10 most popular e-commerce plugins for WordPress contained vulnerabilities. First, some background information regarding how the report was put together.
The research in this survey has nothing to do with the core security of WordPress but rather, the plugins available for it. It’s important to consider this distinction when reviewing the report. The report has sound advice some of which has been preached repeatedly over the years.
In sum: What should you do about it. I can’t give you a perfect solution but I can give you a sneak peek into how we make sure that all of our sites built at Justin The Designer are secured:
First: We do background checks on any and all plugins that might be used on any of our websites. The most trusted source being the WordPress plugin repository. We do not use any plugins that don’t need to be used. And remember that just because a plugin is deactivated does not mean its not volnerable to attacks. If your not using a plugin I suggest delete completely.
Second: We install a back-up system to help secure that anything done after a certian date we can always go back and restore the site the way it was on any given week in the past.
Third: we install Exploit Scanner: This plugin searches the files on your website, and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames.
Fourth: We do monthly updates on all of our plugins and wordpress itself on every website that is on our monthly maintenance plan.