15 April 2014

Simple Tips To Identify Vulnerabilities In WordPress


There is no denying that WordPress is currently the most popular CMS you can find online. The problem is that vulnerabilities can appear, especially in older versions. It is really important to have the latest WordPress version installed so that you can avoid common vulnerabilities. However, this does not guarantee you are safe. Let us go through the most common vulnerabilities that appear. Click here for an example of professional testing services in the event that you need something like that.

The Admin Passwords

It is so weird to see that this vulnerability still exists. Change the admin username if you still have the standard “admin” one. The password also needs to be as complex as possible. If your password is a simple word or a combination of numbers with words, you can be sure that hackers can gain access really fast.

The Arbitrary Settings

Use the search feature of the blog and input something that does not return any results. Then, look for “<b>”. If the sentence stating that no results were found becomes bold, you have a common vulnerability: the search term is written into the page without being escaped, which is a way to add arbitrary text to the web page's HTML code. JavaScript code can be constructed in the same way and would be executed when search queries are sent. Hackers can easily gain access by saving admin login cookies, and SQL vulnerabilities can also appear.
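The bold-text check described above can be scripted against a site you run. This is an added example, not code from the original post: it wraps a unique token in `<b>` and classifies how the results page echoed it. The function names and sample pages are constructed for illustration; `?s=` is WordPress's search parameter.

```python
import html
import re
import urllib.parse
import urllib.request
import uuid

def make_probe():
    """Return (search_term, token): a harmless <b> tag around a unique token."""
    token = "probe" + uuid.uuid4().hex[:10]
    return f"<b>{token}</b>", token

def fetch_search_page(base_url, term):
    """Fetch the search results page of your own site (WordPress uses ?s=)."""
    url = base_url.rstrip("/") + "/?" + urllib.parse.urlencode({"s": term})
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8", errors="replace")

def classify_reflection(body, token):
    """Say how the page echoed the probe: raw, escaped, stripped or absent."""
    tag = re.compile(rf"<b\s*>{re.escape(token)}</b\s*>", re.IGNORECASE)
    if tag.search(body):
        return "raw"        # tag is live markup: the text would render bold
    if tag.search(html.unescape(body)):
        return "escaped"    # echoed as &lt;b&gt;...: shown literally, safe
    if token in body:
        return "stripped"   # tags removed, only the text echoed
    return "absent"         # search term not echoed at all

# Constructed sample responses (not captured from any real site).
SAMPLE_TOKEN = "probe0123456789"
VULNERABLE_PAGE = f"<h1>Nothing found for <b>{SAMPLE_TOKEN}</b></h1>"
ESCAPED_PAGE = (f'<input name="s" value="&lt;b&gt;{SAMPLE_TOKEN}&lt;/b&gt;">'
                f"<h1>Nothing found for &lt;b&gt;{SAMPLE_TOKEN}&lt;/b&gt;</h1>")
STRIPPED_PAGE = f"<h1>Nothing found for {SAMPLE_TOKEN}</h1>"

if __name__ == "__main__":
    for name, page in [("vulnerable", VULNERABLE_PAGE), ("escaped", ESCAPED_PAGE),
                       ("stripped", STRIPPED_PAGE), ("no echo", "<h1>Search</h1>")]:
        print(name, "->", classify_reflection(page, SAMPLE_TOKEN))
```

A result of `raw` means the theme's search template needs to escape the query before printing it; `escaped` and `stripped` are the outcomes a correctly written template produces.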

Online Databases

There are many websites out there that showcase WordPress vulnerabilities. For instance, take a look at this one. Different sites offer lists of vulnerabilities for absolutely everything related to the CMS, and articles are written about vulnerabilities as they are discovered. Your goal is to check everything that is written about the theme or the plugin that you are about to install. That is necessary since you have to be sure that what you install is suitable, with no vulnerability.

Manual Checks

If you have proper PHP and HTML knowledge, you should also look at the code that you see in the Editor menu. This type of verification is quite difficult, since you cannot identify problems if you do not know much about the coding language.

Read All That You Can Find

There are hundreds of different articles you can read, and you should read all that you can find. At least once per month you should read about the new WordPress vulnerabilities that were discovered. There is no denying that we are faced with a really good CMS. It helps those who do not have design knowledge to create stunning websites or blogs. However, we are talking about something that is open source. With this in mind, it is normal to have vulnerabilities, and it is the webmaster’s responsibility to make sure that those discovered cannot be used by hackers to gain access.

  1. I personally prefer Blogger because my personal observations show that Blogger posts get indexed by Google faster.

  2. I don't really use WordPress (since we're using Blogspot), but it's great to learn about that stuff :)!

  3. I am a long-time Blogger user and find WordPress to be complicated in doing SEO. Now, I just started posting an article through WordPress and your article helps me to realize the vulnerabilities.

  4. Thanks for this very useful blog post. I have tried using WordPress around 5 times already and until now, I seem to find difficulty in understanding the dashboard or interface. Seriously, it's kinda complicated for me. >_< Blogger's dashboard is way easier to understand. ^_^ Anyway, thanks for these tips. They might be useful to me in the future. ^_^

  5. This is very interesting, Debarpan. I also had a WordPress blog before, but suddenly changed it to Blogger in the sense that Blogger offers free hosting. I loved installing plugins before, but I didn't know that it is one of the ways to get vulnerable. Thanks for this.