
An EASM blog from Detectify

IT Security FAQ 2: What should you think about when installing a new plugin on WordPress?

February 25, 2016

To add functions such as social media icons or contact forms to the popular CMS WordPress, people usually install and activate plugins. However, it is important to keep in mind that most security breaches that happen on WordPress are due to vulnerabilities in these plugins.

Comment from our expert:
“My number one piece of advice when installing a WordPress plugin is to ask yourself: do I really need this? Anyone can create a plugin for WordPress, and every new line of code is a possibility for something to go wrong. If you install a plugin with bad code, it could end up with someone hacking your website.”

“To check if a plugin is safe, start off by googling it to see if it has any known vulnerabilities, or if it has been known for having many flaws in the past. Who is the developer of the plugin and does that person seem to know what they are doing?”

“Every now and then, go through the plugins you have already installed and look up if they have any new vulnerabilities. Maybe they haven’t been updated for a while, which means that they might be easier to hack. Most of the time, if it is a popular plugin with thousands or hundreds of thousands of users, it should be fairly updated and thus might also be safer to use. But when it comes to plugins, the old saying less is more really does apply,” says Johan Edholm at Detectify.
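The periodic review of installed plugins described above can be scripted. The following is an added example, not code from Detectify or the original post: it assumes an inventory in the shape of WP-CLI's `wp plugin list --format=json` output and a hypothetical `LAST_UPDATED` map of last release dates. The plugin names, dates and the 365-day threshold are constructed.

```python
import json
from datetime import date, datetime

# Constructed sample in the shape of `wp plugin list --format=json` (WP-CLI).
INSTALLED = json.loads("""[
  {"name": "contact-form-x", "status": "active",   "update": "available", "version": "2.1.0"},
  {"name": "social-icons-y", "status": "inactive", "update": "none",      "version": "1.0.3"},
  {"name": "seo-helper-z",   "status": "active",   "update": "none",      "version": "5.4.1"},
  {"name": "gallery-w",      "status": "active",   "update": "none",      "version": "0.9"}
]""")

# Constructed sample: plugin slug -> last release date in the plugin directory.
# The "YYYY-MM-DD h:mmam GMT" layout is an assumption; only the date part is used.
LAST_UPDATED = {
    "contact-form-x": "2016-01-30 9:12am GMT",
    "social-icons-y": "2013-06-02 4:40pm GMT",
    "seo-helper-z": "2015-12-10 11:05am GMT",
}

MAX_AGE_DAYS = 365  # assumed staleness threshold, tune to your own policy


def audit(installed, last_updated, today, max_age_days=MAX_AGE_DAYS):
    """Return {plugin: [findings]} for plugins that need a human decision."""
    report = {}
    for plugin in installed:
        findings = []
        if plugin["status"] == "inactive":
            findings.append("inactive")  # unused code: candidate for removal
        if plugin["update"] == "available":
            findings.append("update-available")
        stamp = last_updated.get(plugin["name"])
        if stamp is None:
            findings.append("not-in-directory")  # maintenance status unknown
        else:
            released = datetime.strptime(stamp.split()[0], "%Y-%m-%d").date()
            if (today - released).days > max_age_days:
                findings.append("stale")
        if findings:
            report[plugin["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(INSTALLED, LAST_UPDATED, date(2016, 2, 25)).items():
        print(f"{name}: {', '.join(findings)}")
```

A finding is a prompt for the manual checks in the quote (known vulnerabilities, developer track record), not a verdict on the plugin.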



Want more IT security information? Don’t miss out on the other parts of our IT Sec FAQ series!