Posted on : 28-04-2013 | By : Goh YauKuang | In : Internet_Marketing
Tags: hacker, W3 Total Cache, wordpress, WP Super Cache
Security Risk Associated With WordPress Plug-in Exploit
One of the criteria that Google takes into consideration for page ranking is how long it takes for a web page to load and display on the user's screen. A page with lots of images and video will take much longer for the host server to process before it is sent to the client browser for display.
There are many ways to optimize and improve page loading time. Minimize images and uninstall unnecessary WP plug-ins that you can do without. Compress files that you wish to transfer from the server to the client, for instance eBooks and other digital products.
Page caching is quite effective at addressing bottlenecks on the server as traffic volume increases. Server-side script execution is minimized because the data (pages) are cached statically. Thus requests for the same pages from multiple clients (such as when you click on any web link displayed by the browser) can be served without further parsing and processing by the server which hosts your WordPress files.
I came across this link posted on the WordPress forum regarding security issues associated with some popular WP plug-ins, namely WP Super Cache and W3 Total Cache. These two plug-ins are among the most widely downloaded and installed SEO optimization modules for addressing slow page loading times.
Based on the feedback, it seems like a very serious loophole which allows hackers to execute malicious scripts within your site by embedding PHP code in the blog comment field. Essentially, the gap in the plug-in implementation allows intruders to gain access to your site folders, bypassing some of the standard security mechanisms and measures, such as admin login requirements.
Hackers can insert virus scripts such as trojan horses and malware programs to run on your server. What stands between your WP sites and the hacker is simply a numbers game. It is only a matter of time before the so-called ‘botnets’, rogue programs, target your site and exploit the loopholes through compromised plug-in code.
Check out this link for some other simple security measures that you can take to harden your WP powered sites.
Sync Up Installed WP Plug-ins To Latest Version
Many people can’t be bothered with upgrading plug-ins because they think it is not important. Hackers are very good at exploiting WordPress theme and plug-in loopholes to mount attacks. The sooner you upgrade and keep your WP files up to date with the latest version release, the more difficult it is for hackers to target your site successfully.
The upgrade or sync-up process is very easy, particularly with the WordPress content management system. Depending on the version of WP, once you log into your user administration account, the dashboard should show an icon that indicates the number of WordPress, plug-in and theme updates pending.
One really cool feature of WordPress is that the update process is very simple and involves just a couple of mouse clicks, well, not all but most of the time. For instance, navigate to the ‘Plugins’ section and click on the appropriate link to start the update process. Note: Again, depending on the version of your CMS, the actual display of the update link might not be exactly the same, but I suppose you get the idea.
As indicated in the example above, there is a new All in One SEO Pack available. A click on the ‘update now’ link is all that is needed, and the update process will be completed in a couple of minutes.
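The dashboard check described above can also be run from a script across several sites. The following is an added example, not code from WordPress or from either plug-in: it reads the Version header of each plug-in under a plug-ins directory and compares it numerically with a minimum you supply. The directory layout, the function names and every version number in the sample are constructed for illustration; take the real minimum versions from each plug-in's changelog.

```python
import re, tempfile
from pathlib import Path

# WordPress reads "Version:" from the comment header in the first 8 KB of a plug-in file.
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.MULTILINE | re.IGNORECASE)

def parse_version(text):
    """'1.2.10-beta' -> (1, 2, 10); anything without leading digits -> ()."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    return tuple(int(n) for n in m.group(0).split(".")) if m else ()

def is_older(found, minimum):
    """Compare dotted versions numerically, padding so that 1.2 == 1.2.0."""
    a, b = parse_version(found), parse_version(minimum)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def installed_version(plugin_dir):
    """Return the Version header from the plug-in's top-level PHP files, or None."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        m = VERSION_RE.search(php.read_text(errors="replace")[:8192])
        if m:
            return m.group(1)
    return None

def audit(plugins_root, minimums):
    """Map each plug-in slug in `minimums` to a status string."""
    report = {}
    for slug, minimum in minimums.items():
        plugin_dir = Path(plugins_root) / slug
        found = installed_version(plugin_dir) if plugin_dir.is_dir() else None
        if not plugin_dir.is_dir():
            report[slug] = "not installed"
        elif found is None or not parse_version(found):
            report[slug] = "version unknown, check manually"
        elif is_older(found, minimum):
            report[slug] = f"OUTDATED: {found} < {minimum}"
        else:
            report[slug] = f"ok: {found}"
    return report

def demo():
    """Constructed sample tree and constructed version numbers, not real releases."""
    root = Path(tempfile.mkdtemp())
    for slug, ver in {"wp-super-cache": "0.0.9", "w3-total-cache": "0.0.10"}.items():
        (root / slug).mkdir()
        (root / slug / f"{slug}.php").write_text(f"<?php\n/*\nPlugin Name: {slug}\nVersion: {ver}\n*/\n")
    minimums = {"wp-super-cache": "0.0.10", "w3-total-cache": "0.0.10", "all-in-one-seo-pack": "0.1"}
    return audit(root, minimums)

if __name__ == "__main__":
    for slug, status in demo().items():
        print(f"{slug}: {status}")
```

Versions are compared as numbers rather than as text, so 0.0.9 is correctly reported as older than 0.0.10.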
A WP plug-in exploit is not trivial. Hackers can and will develop whatever means they need to attack any site which does not have the necessary security patch. Do not assume that since there are millions of websites, the chances of yours being affected are slim.
This is a BIG mistake because data gathered to date indicates most sites that are poorly maintained and lack security measures are the ones that got successfully attacked. Why expose your site to unnecessary vulnerabilities if you can easily address and fix it in minutes?