Check your WordPress plugins for security holes

Do you know how 22% of WordPress sites get hacked? Answer: A vulnerable plugin. This WordPress plugin checker guide lets you know if yours is on the “bad” list.

WordPress has positioned itself as the premier blogging and website building platform. Its ease of use and versatility make it accessible even to people with little computer knowledge.

However, this same accessibility sometimes opens the platform to attacks from malicious sources.

One component of WordPress that’s consistently vulnerable is its plugins. The bits of code that make your life easier also leave your website open to attack.

It’s the nature of the beast with WordPress. Third-party “applications” will always come with inherent risk. That is why you need to harden your WordPress website.

Luckily, the risk is easy to manage if you know how. Check out this WordPress plugin checker list to keep your website safe. And check out some of our other articles about how to protect your WordPress website, such as 5 Ways to Protect Against a WordPress Virus.

Types Of Vulnerabilities

Before we talk about susceptible plugins, let’s run through the different types of vulnerabilities.

Depending on your plugin, hackers use different methods to break your security. Understanding these methods helps with learning how to combat them.

Arbitrary File Viewing and Uploading

Some plugins don’t block outside parties from viewing your website’s source code. The intention is to let users view certain code, but instead, everything is on display.

Uploading works the same way: the plugin doesn’t filter file uploads, so hackers can upload and run whatever malicious code they please.

Remote Code Execution

The plugin leaves the source code open to malicious code injections from another location. The code is inserted from outside the server.

SQL Injection

This vulnerability is very common. The plugin doesn’t filter the data that goes into its SQL queries, which lets hackers inject malicious code via the database queries.

Privilege Escalation

The plugin leaves administrator privileges open to any user. The hacker can run any code they’d like.

The WordPress Plugin Checker

Ok, so we could list out every WordPress plugin that’s been compromised, but that would be many pages to read through.

History has shown that it does not matter whether a plugin is free or premium: all kinds of WordPress plugins have been compromised, some simply through dependency on a third-party library that was compromised. Most times, although not always, a premium plugin comes from a company with resources dedicated to keeping the plugin updated.

It’s much easier to head over to this database of compromised plugins. You can quickly search all of your current plugins by name to check their status.

This kind of test works well, but it does have some flaws. The foremost is that deleted plugins could have injected malicious code that’s still hiding on your website.
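The name lookup described above can be scripted, as in this added example (not code from the original article or from any plugin database). It reads the Plugin Name and Version headers from each folder under wp-content/plugins and compares them with an advisory list; the plugin slugs, the `ADVISORIES` format and the function names are assumptions made for illustration.

```python
import re, tempfile
from pathlib import Path

# "Plugin Name:" and "Version:" lines from the comment header of a plugin's main file.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+)$", re.M | re.I)

def parse_header(php_source):
    """Return {'name', 'version'} for a plugin main file, or None if it has no header."""
    f = {k.lower(): v.strip() for k, v in HEADER_RE.findall(php_source[:8192])}
    return {"name": f["plugin name"], "version": f.get("version", "0")} if "plugin name" in f else None

def inventory(plugins_dir):
    """Map folder slug -> header for each plugin folder under wp-content/plugins."""
    found = {}
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        header = parse_header(php.read_text(errors="replace"))
        if header:
            found.setdefault(php.parent.name, header)
    return found

def vtuple(version):
    """'2.10.0' -> (2, 10): compares numerically, and 1.2 equals 1.2.0."""
    return tuple(int(n) for n in re.findall(r"\d+", re.sub(r"(\.0+)+$", "", version)))

def check(installed, advisories):
    """Return (slug, version, issue, fixed_in) for each plugin below its fixed version."""
    return [(slug, info["version"], adv["issue"], adv["fixed_in"])
            for slug, info in installed.items() for adv in advisories.get(slug, [])
            # fixed_in of None means no patched release exists, so any version is flagged
            if adv["fixed_in"] is None or vtuple(info["version"]) < vtuple(adv["fixed_in"])]

# Constructed advisories and plugin slugs; a real run would load a vulnerability database export.
ADVISORIES = {
    "example-gallery": [{"issue": "SQL Injection", "fixed_in": "2.10.0"}],
    "example-forms": [{"issue": "Privilege Escalation", "fixed_in": None}],
}

def demo():
    """Build a constructed plugins folder in a temp dir and check it."""
    samples = {"example-gallery": "2.9.3", "example-forms": "1.0", "example-seo": "4.1"}
    with tempfile.TemporaryDirectory() as root:
        for slug, ver in samples.items():
            (Path(root) / slug).mkdir()
            (Path(root) / slug / f"{slug}.php").write_text(
                f"<?php\n/*\n * Plugin Name: {slug}\n * Version: {ver}\n */\n")
        return check(inventory(root), ADVISORIES)

if __name__ == "__main__":
    print(demo())
```

Versions are compared numerically, so 2.9.3 is correctly treated as older than 2.10.0. Like the manual lookup, the script only sees plugins that are still installed.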

To root out this type of issue, it’s best to start with the basics. Google offers a free website health checkup; see, for example, this Google Transparency Report for Cleverplugins.com.

Another good option is the third-party solution Sucuri, which provides a full WordPress security suite.

Sucuri offers preventative measures to protect against malware, and also deletes existing malicious code.

It’s worth a look for those who aren’t skilled in cybersecurity. Small businesses especially end up frequently dropping the ball when it comes to securing their websites.

Being a diligent WordPress plugin checker is crucial to maintaining a high standard of web security.

Remember, plugins update all the time, putting them at constant risk for new security flaws. Once you are done with that, check out our WordPress optimization checklist for tips to take your website further.
