Cyber security news for all

More

    Ways to minimize risks through WordPress plugins

    WordPress is the most widely used content management system worldwide. Websites built with it are regularly attacked due to security gaps. However, vulnerabilities in plugins and themes are often gateways for hackers. Users have to update them manually. An official auto update plugin should now remedy the situation. The extension WordPress updates are currently still in phase and it is recommended not to use the plugin in productive environments yet.

    Do Automatic Plugin Updates Bring Risks?

    Not every plugin project has the power. Most of the free plugins in the WordPress plugin directory are only developed by one person or maybe a small team. That doesn’t mean that these plugins are bad. We know from the past, that it is mostly the plugins that open security gaps and thus your own WordPress instance becomes a target for hackers. It can therefore be assumed that the code quality suffers or is not tested enough. But it explains why we quickly click on the update button for well known plugins and rather not for others.

    Do Not Customize Plugins Yourself

    To save development time, official and unofficial plugins are often simply adapted by developers. If the version number or the name of the plugin is not changed, WordPress offers an update, although this may not be carried out because it would otherwise overwrite your own changes.

    Detect Bad Plugins

    How could you recognize a bad plugin? Since the layperson cannot check whether the code quality is good, a system would have to be created that can do this. Would something like that work? The answer is very clear: yes! A small WordPress team is already working on such a system. The vision is to carry out automated quality tests for all WordPress plugins and themes and to make these test results visible to both the authors and the end users of these plugins and themes.

    Recent Articles

    Hackers stole thousands of passport data in Argentina

    In response to millions of dollars ransom refused by the Argentine Immigration Service, a ransomware group released passport data from hundreds of thousands of...

    USA wants to improve cybersecurity of space systems

    CISA has published a table this week that summarizes Chinese activities against cybersecurity. Some attacks have succeeded and enabled hackers to gain a foothold...

    Unknown attackers had access to personal data of Warner Music

    Warner Music Group has admitted a security incident in which customers card details were stolen in some of the company's online stores. Warner Music...

    Donald Trump wants to force a sale of TikTok to Microsoft

    It was recently announced that President Donald Trump plans to prohibit business with the owners of TikTok by decree. The American head of state...

    PIN protection is cracked for contactless payments

    Contactless payments by card only works up to typically 30 dollars without a PIN. The PIN is actually  requested for high payments. This is...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox