Regular WordPress vulnerabilities: Constant security threat
Data protection for companies
Due to the large selection of plugins in WordPress, there are regular security gaps. Exploiting these vulnerabilities is one of the biggest threats to WordPress site security.
What is WordPress?
WordPress is a free content management system (CMS) for editing websites and their content. As open-source software, WordPress is licensed under the GNU General Public License (GPL), which grants you the right to run, modify, and copy the software. Software that grants these liberties is called “free software”. WordPress was originally developed in 2003 for online blogs. Today, the system is one of the most widely used editorial systems, accounting for around 40% of all content management systems, and is no longer used only for blogs. WordPress is now often used by smaller companies and startups for their first website, since websites can be created with just a few clicks and the range of functions can be greatly expanded with a large selection of plugins.
Security vulnerabilities in WordPress
However, it is precisely this large selection of plugins that leads to security gaps on a regular basis. Exploiting these vulnerabilities is one of the biggest threats to WordPress site security. According to t3n, there were 4.3 billion attempts to exploit security vulnerabilities in 2020 alone. More information at t3n.de.
In early 2020, this was the case with the Rank Math WordPress plugin. According to the manufacturer’s website, Rank Math is “a search engine optimization plugin for WordPress that allows anyone to optimize their content with built-in suggestions based on widely accepted best practices.” Two critical vulnerabilities allowed unauthorized users to access over 200,000 websites and, among other things, to grant or revoke user rights. The security problem has since been resolved, but the fix requires an update of the plugin. More information at t3n.de.
Another serious vulnerability in a WordPress plugin followed in September 2020. This time it was the plugin “WP File Manager”, with which you can edit, delete, upload, download, copy and paste files and folders directly from the WordPress backend. The vulnerability allowed hackers to upload and change files without permission, up to and including the complete takeover of the website. The plugin is used by over 700,000 websites. The problem has since been fixed with an update, but it was massively exploited beforehand. More information at t3n.de.
The next security gap in WordPress followed in October 2020. With around 4.3 million websites affected, the vulnerability in the WordPress plugin “WPBakery” was one of the most serious security problems in the field of WordPress plugins in a long time. The WPBakery Builder is one of the most popular page builders for WordPress. The plugin comes with numerous templates and allows easy editing in both the frontend and the backend. The vulnerability made it possible, among other things, to insert malicious program code into the website and even to obtain administrator rights. This vulnerability has also been fixed in the latest version of the plugin. More information at t3n.de.
What can be done about WordPress security vulnerabilities?
As previously mentioned, one of the biggest threats to WordPress site security is vulnerabilities in plugins. The only measure that an end user can take against such vulnerabilities is to regularly update the plugins, themes and the entire system.
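To make the update advice checkable, the following added example (not part of the original article) lists plugins with a pending update from WP-CLI's CSV output. The plugin names and versions in the sample data are constructed placeholders, and `WP_PATH` is a variable name chosen for this example; it covers plugins only, not themes or the core system.

```shell
#!/bin/sh
# Added example: report WordPress plugins that have a pending update.
# Assumed input (one header line, then one row per plugin), as produced by:
#   wp plugin list --fields=name,status,update,version,update_version --format=csv
# Assumption: no field contains a comma, so plain comma splitting is enough.

# Print "name current -> new [status]" for every row with update=available.
# Inactive plugins are reported too: their files are still on disk.
pending_updates() {
  awk -F',' 'NR > 1 && $3 == "available" {
    printf "%s %s -> %s [%s]\n", $1, $4, $5, $2
  }'
}

# Count plugins with a pending update; usable as a cron or CI gate.
pending_count() {
  pending_updates | wc -l | tr -d ' '
}

# Constructed sample data; names and versions are placeholders.
SAMPLE_CSV='name,status,update,version,update_version
example-seo-plugin,active,available,1.0.40,1.0.41
example-file-manager,active,none,6.9,
example-page-builder,inactive,available,6.4.0,6.4.1
example-forms,active,none,2.1.0,'

# Use live data when WP-CLI is installed and WP_PATH points at a site;
# otherwise fall back to the constructed sample above.
plugin_csv() {
  if command -v wp >/dev/null 2>&1 && [ -n "${WP_PATH:-}" ]; then
    wp --path="$WP_PATH" plugin list \
      --fields=name,status,update,version,update_version --format=csv
  else
    printf '%s\n' "$SAMPLE_CSV"
  fi
}

report=$(plugin_csv | pending_updates)
if [ -n "$report" ]; then
  printf 'Plugins with pending updates:\n%s\n' "$report"
else
  echo "All plugins are up to date."
fi
```

The script only reports; the updates themselves are applied with `wp plugin update --all` after a backup.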
Due to the many weak points, we at LUTHEKA do not work with WordPress as the content management system, but rely on our in-house editorial system, which is much easier to use than what you are used to from WordPress. Feel free to contact us!