
The Admin Passwords
It is surprising that this vulnerability still exists. If you still use the standard “admin” username, change it. The password also needs to be as complex as possible. If your password is a simple word, or a combination of numbers with words, you can be sure that hackers can gain access really fast.
The Arbitrary Settings
Use the search feature of the blog. Input something that does not find any results. Then, look for “<b>”. If the sentence stating that no results were found becomes bold, you have a common vulnerability: the page lets a visitor add arbitrary text to the web page's HTML code. JavaScript code can be constructed that would be executed when search queries are sent. Hackers can then easily gain access by saving admin login cookies, and SQL vulnerabilities can also appear.
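An added example (not from the original article) that automates the bold-text check for a page from your own blog: it tells apart a probe reflected as live markup from one that was escaped into visible text. The probe token, `render_search_page` and the sample pages are constructed for illustration.

```python
import html
from typing import NamedTuple

# Constructed marker: the harmless <b> tag from the manual check plus a
# unique token so it cannot collide with the page's own markup.
PROBE = "<b>zq7probe</b>"

class Reflection(NamedTuple):
    raw: int       # copies the browser would parse as markup
    escaped: int   # copies rendered as visible text
    verdict: str   # "vulnerable", "escaped" or "not reflected"

def render_search_page(query: str, escape_message: bool) -> str:
    """Constructed stand-in for a theme's 'no results' template."""
    field = html.escape(query, quote=True)  # the input value is escaped in both variants
    shown = html.escape(query) if escape_message else query
    return (
        '<form><input name="s" value="%s"></form>\n'
        '<p class="no-results">No results found for %s</p>' % (field, shown)
    )

def classify_reflection(body: str, probe: str = PROBE) -> Reflection:
    """Count raw and escaped copies of the probe in a response body."""
    raw = body.count(probe)
    # Decoding entities turns every escaped copy back into the probe, so the
    # decoded count covers raw + escaped (named and numeric entities alike).
    total = html.unescape(body).count(probe)
    escaped = total - raw
    if raw:
        verdict = "vulnerable"   # one raw copy is enough, even beside escaped ones
    elif escaped:
        verdict = "escaped"
    else:
        verdict = "not reflected"
    return Reflection(raw, escaped, verdict)

if __name__ == "__main__":
    for label, safe in (("unescaped template", False), ("escaped template", True)):
        print(label, classify_reflection(render_search_page(PROBE, safe)))
```

A page counts as vulnerable as soon as one raw copy exists, even when the same query is correctly escaped elsewhere on the page, such as in the search box.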
Online Databases
There are many websites out there that showcase WordPress vulnerabilities. For instance, take a look at this one. Different sites offer lists of vulnerabilities for absolutely everything related to the CMS, and articles are written about vulnerabilities as they are discovered. Your goal is to check everything that is written about the theme or the plugin that you are about to install. That is necessary since you have to be sure that what you will install is suitable, with no vulnerability.
Manual Checks
If you have proper PHP and HTML knowledge, you should also look at the code that you see in the Editor menu. This type of verification is quite difficult, since you cannot identify problems if you do not know much about the coding language.
Read All That You Can Find
There are hundreds of different articles you can read, and you should read all that you can find. At least once per month you should read about the new WordPress vulnerabilities that were discovered. There is no denying that WordPress is a really good CMS. It helps those who do not have design knowledge to create stunning websites or blogs. However, it is open source. With this in mind, it is normal to have vulnerabilities, and it is the webmaster’s responsibility to make sure that those discovered cannot be used by hackers to gain access.
I personally prefer Blogger because my personal observations show that Blogger posts get indexed by Google faster.

Thanks for sharing your view with us.

I don't really use WordPress (since we're using Blogspot), but it's great to learn about that stuff :)!

I am a long-time Blogger user and find WordPress to be complicated in doing SEO. Now, I just started posting an article through WordPress and your article helps me to realize the vulnerabilities.

Thanks for this very useful blog post. I have tried using WordPress around 5 times already and until now, I seem to find difficulty in understanding the dashboard or interface. Seriously, it's kinda complicated for me. >_< Blogger's dashboard is way easier to understand. ^_^ Anyway, thanks for these tips. They might be useful to me in the future. ^_^

This is very interesting, Debarpan. I also had a WordPress blog before, but suddenly changed it to Blogger in the sense that Blogger offers free hosting. I loved installing plug-ins before, but I didn't know that it is one of the ways to get vulnerable. Thanks for this.