Category Security News

WordPress Plugin Security Concerns

The true definition of a WordPress Plugin is code that goes into the core of your site and allows you to change appearance, security, or other settings.  With the access and amount of plugins that are out there, is there any way to be sure they are secure?  I have posted several times about plugins that have security vulnerabilities that allows hackers/script kiddies to download your wp-config.php file, gain access to your root, or make themselves an admin.  Is there truly a way to protect yourself from probing attacks?

As I write this post, I am reviewing probing links into my site:

/wp-content/plugins/google-mp3-audio-player/direct_download.php?file=../../../wp-config.php
/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php?file=../../../wp-config.php
/wp-content/plugins/sexy-contact-form/includes/fileupload/index.php
/wp-content/plugins/db-backup/download.php?file=../../../wp-config.php
/wp-content/plugins/advert-manager-plugin/readme.txt
/store/js/mage/cookies.js
/js/mage/cookies.js
/shop/js/mage/cookies.js
/wp-content/plugins/360-product-rotation/readme.txt
/wp-content/plugins/robotcpa/f...

Full Post Here