Many WordPress Site Hackings Caused To These Plugins

  • 时间:2020-09-24 11:48:45
  • 分类:网络文摘
  • 阅读:129 次

Security firm Sucuri says they have already  seen a large number of hacking attacks on the WordPress CMS platform. In its very first Website Hacked Report, compiled statistics of these hacking investigations. Most of these websites were running on the WordPress CMS platform for the past six years.

Users are in shock at the findings, “78 percent of these total hacked websites it investigated were WordPress sites, with Joomia in a distant second.”

What is even more shocking is that the point of entry for most of these hacks was vulnerable plugins. Three plugins in general were found to be the most vulnerable: RevSlider, GravityForms and TimThumb.

Three plugins are responsible for a quarter of WordPress hacking incidents

You might have heard of RevSlider’s as the plugin that is suspected of causing the Panama Papers data breach.

Developers are left scratching their heads because these apps are secure. In fact, all of them released security fixes about a year ago. However, some WordPress users are using outdated vulnerable versions. This is due to the fact that many commercial products bought through theme marketplaces automatically deploy plugins with embedded codes. Upgrading a plugins code that is considered built-in is impossible. The only answer is re-issuing themes with new versions, and of course that doesn’t happen.

Percentage of out of date sites during cleanup Q1 - 2016

Despite the findings, Sucuri says that WordPress is still considered safe.

“These statistics talk to the challenges website owners face, regardless of size, business, or industry. Website owners are unable to keep up with the emerging threats. As well, the guidance they receive to ‘stay current’ or ‘just update’ is not enough,” Sucuri explained. “Website owners are turning to other technologies, like Website Application Firewall (WAF), to give themselves and their organizations the time they require to more efficiently respond to the threats by way of virtual patching and hardening techniques at the edge.”

推荐阅读:
5 Blogging Tips for Off-Road Enthusiasts  The Future of Work: How to Successfully Work Remotely  Javascript Function to Detect Capital String  Bruteforce/BackTracking Algorithm to Split Array into Fibonacci   How to Avoid Paying Too Much Fee when Cashing out Bitcoin via Wi  The Common Kodi Errors and Use of Free VPN for Linux  Java Pattern: Use Atomic Boolean to Return Single Usage Object  Significance of HTML and CSS in Mobile App Development  How to Reverse Words in a String using Modern Programming Langua  The Python Function to Retrieve the Producer Reward for Witness 
评论列表
添加评论