Yesterday afternoon a blogger friend asked me to read an article about WordPress plugins that make a website vulnerable. So here I am, trying to share what is written in that article, because there are quite a lot of WordPress users in Indonesia now that Blogger likes deleting users who violate its terms of service.
It was reported that an internet security company issued a warning about some WordPress plugins that make a website vulnerable because of security defects. These defects leave our websites open to malicious attacks.
The company that issued this warning is Sucuri, a WordPress security watchdog. The warning says that this is a big security flaw that is present in a lot of WordPress plugins, some of them very popular.
The flaw is a cross-site scripting (XSS) vulnerability that arises from misuse of the add_query_arg() and remove_query_arg() functions. Both functions are very popular among developers, who use them to modify and add query strings in the URLs of a WordPress website. Many developers use these functions in a way that is not safe.
The release names a few plugins that are considered problematic:
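WordPress does not escape the URL these two functions return, so the safe pattern is to pass the result through esc_url() (or esc_url_raw() for redirects) before it is printed or used. The script below is an added example, not code from the article or from Sucuri: a rough review aid that lists calls in plugin source that are not directly wrapped in one of those helpers. The function names, the sample PHP and the choice of escapers are assumptions of this example, and a call whose result is escaped later in a separate statement will still be listed for manual review.

```python
import re

# Calls to these two WordPress functions are what the warning is about.
CALL = re.compile(r"\b(add_query_arg|remove_query_arg)\s*\(")
# WordPress escaping helpers this example accepts as a safe wrapper (assumption).
ESCAPERS = {"esc_url", "esc_url_raw"}
# An opening parenthesis with an optional function name in front, or a closing one.
TOKEN = re.compile(r"([A-Za-z_]\w*)?\s*\(|\)")


def open_calls(statement):
    """Return the names of calls whose '(' is still open at the end of `statement`."""
    stack = []
    for m in TOKEN.finditer(statement):
        if m.group(0) == ")":
            if stack:
                stack.pop()
        else:
            stack.append(m.group(1) or "")
    return stack


def find_unescaped(php_source):
    """List (line_number, function_name) for calls not wrapped in an escaper."""
    findings = []
    for m in CALL.finditer(php_source):
        # Heuristic: the current statement starts after the last ';', '{' or '}'.
        start = max(php_source.rfind(c, 0, m.start()) for c in ";{}") + 1
        wrappers = open_calls(php_source[start:m.start()])
        if not ESCAPERS.intersection(wrappers):
            line = php_source.count("\n", 0, m.start()) + 1
            findings.append((line, m.group(1)))
    return findings


# Constructed plugin code for the demonstration (not taken from any real plugin).
SAMPLE = """<?php
echo '<a href="' . add_query_arg( 'page', 2 ) . '">Next</a>';
echo '<a href="' . esc_url( add_query_arg( 'page', 2 ) ) . '">Next</a>';
$back = remove_query_arg( 'updated' );
wp_redirect( esc_url_raw(
    remove_query_arg( array( 'updated', 'error' ) )
) );
"""

if __name__ == "__main__":
    for line, name in find_unescaped(SAMPLE):
        print(f"line {line}: {name}() result is not passed through esc_url()")
```
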
- Jetpack
- WordPress SEO
- Google Analytics by Yoast
- All In One SEO
- Gravity Forms
- Multiple Plugins from Easy Digital Downloads
- UpdraftPlus
- WP-E-Commerce
- WPTouch
- Download Monitor
- Related Posts for WordPress
- My Calendar
- P3 Profiler
- Give
- Multiple iThemes products, including Builder and Exchange
- Broken-Link-Checker
- Ninja Forms
Some of these names are very well known and are used by millions of WordPress CMS users to build websites, especially the SEO plugins, which are intended to make a website look high-quality in the eyes of search engines. Fortunately, this problem can be solved with the latest versions of the plugins. So this article is intended for friends who have been using the plugins above but have not updated them.
So this is just a brief piece of information to remind fellow WordPress users to update the plugins they use more often.