Tips On How To Minimize Hacker Attack – WP Plug-in Exploits

Posted on : 28-04-2013 | By : Goh YauKuang | In : Internet_Marketing

Security Risk Associated With WordPress Plug-in Exploit

One of the criteria that Google takes into consideration for page ranking is how long a web page takes to load and display on the user's screen. A page with lots of images and video takes much longer for the host server to process before it is sent to the client browser for display.

There are many ways to optimize and improve page loading time. Minimize images and uninstall unnecessary WP plug-ins that you can do without. Compress files that you wish to transfer from the server to the client, for instance eBooks and other digital products.

Page caching is quite effective at addressing bottlenecks on the server as traffic volume increases. Server-side script execution is minimized because the pages are cached statically. Thus requests for the same pages from multiple clients (such as when you click on any web link displayed by the browser) can be served without further parsing and processing by the server that hosts your WordPress files.

I came across this link posted on the WordPress forum regarding security issues associated with some popular WP plug-ins, namely WP Super Cache and W3 Total Cache. These two plug-ins are among the most widely downloaded and installed SEO optimization modules for addressing slow page loading times.

Based on the feedback, it seems like a very serious loophole which allows hackers to execute malicious scripts within your site by embedding PHP code in the blog comment field. Essentially, the gap in the plug-in implementation allows intruders to gain access to your site folders, bypassing some of the standard security mechanisms and measures such as admin login requirements.

Hackers can insert virus scripts such as trojan horses and malware programs to run on your server. What stands between your WP sites and the hacker is simply a numbers game. It is only a matter of time before the so-called ‘botnets’ and rogue programs target your site and exploit the loopholes through compromised plug-in code.

Check out this link for some other simple security measures that you can take to harden your WP-powered sites.

Sync Up Installed WP Plug-ins To Latest Version

Many people can’t be bothered to upgrade plug-ins because they think it is not important. Hackers are very good at exploiting WordPress theme and plug-in loopholes to mount attacks. The sooner you upgrade and keep your WP files up to date with the latest release, the more difficult it is for hackers to target your site successfully.

The upgrade or sync-up process is very easy, particularly with the WordPress content management system. Depending on the version of WP, once you log into your user administration account, the dashboard should show an icon that indicates the number of WordPress, plug-in and theme updates pending.

WordPress Plug-ins & Themes Update Notification

One really cool feature of WordPress is that the update process is very simple and involves just a couple of mouse clicks, well, not always but most of the time. For instance, navigate to the ‘Plugins’ section and click on the appropriate link to start the update process. Note: again, depending on the version of your CMS, the actual display of the update link might not be exactly the same, but I suppose you get the idea.

WordPress plug-in update notification

As indicated in the example above, there is a new All in One SEO Pack available. A click on the ‘update now’ link is all that is needed, and the update process will be completed in a couple of minutes.
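
The comparison behind the update notification can also be scripted when you look after many plug-ins. The following is an added example, not part of the original post or of WordPress itself: a Python script that reads the name and version from each plug-in's header comment and lists the plug-ins that are behind the latest release. The function names, the sample headers and every version number are assumptions constructed for illustration.

```python
import re

# WordPress plug-ins declare metadata as "Field: value" lines in the comment
# block at the top of the plug-in's main PHP file.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):(.*)$", re.M | re.I)

def parse_plugin_header(php_source):
    """Return the plug-in name and version declared in a main-file header."""
    fields = {}
    # Only the start of the file is relevant; the header sits at the top.
    for key, value in HEADER_RE.findall(php_source[:8192]):
        fields.setdefault(key.lower(), value.strip().rstrip("*/").strip())
    return {"name": fields.get("plugin name"), "version": fields.get("version")}

def version_key(version):
    """Map '1.10.0' to (1, 10) so 1.10 sorts after 1.9 and 2.0.0 equals 2.0."""
    parts = [int(p) for p in re.findall(r"\d+", version)]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def outdated_plugins(sources, latest):
    """List (name, installed, latest) for every plug-in behind its latest release."""
    report = []
    for source in sources:
        info = parse_plugin_header(source)
        if not info["name"] or not info["version"]:
            continue  # no plug-in header: a helper file, not a main file
        newest = latest.get(info["name"])
        if newest and version_key(info["version"]) < version_key(newest):
            report.append((info["name"], info["version"], newest))
    return report

# Constructed sample input: the header text and all version numbers are
# invented for this example and are not real release or patch versions.
SAMPLE_SOURCES = [
    "<?php\n/*\nPlugin Name: WP Super Cache\nVersion: 1.9\n*/\n",
    "<?php\n/**\n * Plugin Name: W3 Total Cache\n * Version: 2.0.0\n */\n",
    "<?php\n/*\nPlugin Name: All in One SEO Pack\nVersion: 3.1 */\n",
    "<?php\n// helper file without a plug-in header\n",
]
SAMPLE_LATEST = {"WP Super Cache": "1.10", "W3 Total Cache": "2.0",
                 "All in One SEO Pack": "3.1.2"}

if __name__ == "__main__":
    for name, have, want in outdated_plugins(SAMPLE_SOURCES, SAMPLE_LATEST):
        print(f"{name}: installed {have}, latest {want} -> update")
```

Version strings are compared as numbers, not text, so that 1.10 is correctly treated as newer than 1.9.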

Final Thoughts

A WP plug-in exploit is not trivial. Hackers can and will develop whatever means to attack any site which does not have the necessary security patches. Do not assume that since there are millions of websites the chances of yours being affected are slim.

This is a BIG mistake because data gathered to date indicates that most sites that are poorly maintained and lack security measures are the ones that get successfully attacked. Why expose your site to unnecessary vulnerabilities if you can easily address and fix them in minutes?
