The September 7, 2022 WordPress Vulnerability Report is out and you should delete these WordPress plugins immediately to keep your site safe from hackers.
Every month, the creators of the iThemes WordPress security plugin issue a WordPress Vulnerability Report of the security weaknesses of various plugins in the vast ecosystem of WordPress plugins available to site owners. It’s a good idea to pay attention to the WordPress Vulnerability Report because a considerable amount of research goes into it that could save your site from disaster.
WordPress Plugins To Remove Immediately
In particular, the following plugins have vulnerabilities AND have been abandoned by their creators. Therefore, you should quickly find a replacement for them or just delete them if you don’t need them anymore.
- MP3 jPlayer
- SEO Smart Links
- Ketchup Restaurant Reservations
- Easy Org Chart
- WP Popup Builder
- Bitcoin / Altcoin Faucet
- Login Block IPs
- Simple Bitcoin Faucets
WordPress Plugins To Keep Updated
In addition, be sure to update the following:
- WordPress Core (6.0.2)
- BackupBuddy
- CallRail Phone Call Tracking
- SVG Support
- NinjaForms
- Post SMTP
- Beaver Builder
- Download Manager
- Booking Calendar
- Restricted Site Access
- Image Hover Effects Ultimate
- Simple File List
- Slider Hero
- Generate PDF using Contact Form 7
- CM Download Manager
- OAuth client Single Sign On for WordPress
- WP Cerber Security
- Wordlift
- LDAP WP Login / Active Directory Integration
- WP Socializer
- Scripts Organizer
You can subscribe to the Weekly WordPress Vulnerability Report to get regular updates on what should be upgraded and why.
Why Is It Important To Keep WordPress Updated?
WordPress is an amazing piece of open-source software. It has become the most popular content management system (CMS) available today, powering over 60^% of all websites whose CMS software can be detected and measured (43% of all websites).
But open-source software is written by and for humans. Humans are anything but infallible. We lose track of many details and make mistakes. So the software we build is prone to all kinds of issues. Other humans (not very good ones) are regularly looking for breaks in software armor and trying to exploit them for ill-gotten gain or just to create chaos.
What Are The Most Common WordPress Vulnerabilities?
The good thing about open-source software is that there are a lot of eyes watching for problems. Many of them are volunteers, but a good number of them work for companies that have security at the core of their interests. So, when the problems are found, you’ll do well to jump onto your site and update your WordPress software. Here’s an extensive list of all the types of problems that people are keeping track of with WordPress vulnerabilities today.
As you can see from that list, there’s a lot going on with any piece of software at any given moment. From one minute to the next, thousands of automated bots are hitting every WordPress site on the planet to probe for these specific vulnerabilities. When they find them, a new bot script will run that tries to exploit the vulnerability and steal data, deface your site, and infiltrate third-party financial systems you rely on for your business. This is serious stuff!
Conclusion
Keep track of WordPress security issues by subscribing to and reading the WordPress Vulnerability Report. When you identify a plugin with a problem, deactivate it quickly so that it’s not a problem in the short term, then update it immediately to ensure that the fixes are applied and working on your site. If the plugin is closed or seemingly abandoned, find a replacement, if necessary, and then delete that plugin.
Gone are the days of clicking “Update” and hoping for the best. Let Webidextrous manage your maintenance. We’ll give you back your time and peace of mind.
0 Comments