Vulnerability testing of WordPress plugins should be performed on a regular basis. We will explain the reasons for this.

Nearly 60% of WordPress tampering (hacking) is caused by plugin vulnerabilities


Source: Www.Wordfence.Com

Here is a graph published by Wordfence showing the causes of WordPress hacks.
Plugins come first (nearly 60%), followed by brute force (nearly 20%), WordPress files (less than 10%), and themes (fourth place).
In other words, plugin vulnerabilities are by far the most common cause of WordPress hacks.

In our experience in Japan, themes are often made domestically and hosting is often on shared servers, so the share of cases where the theme or the hosting (fourth and fifth place in the graph) is the cause is much lower; we believe that more than 90% of cases are probably caused by plugin vulnerabilities and brute force.

For this reason, we believe that WordPress plugin vulnerabilities are the most important security risk to be aware of.

Why are plugin vulnerabilities used for hacking?

WordPress plugin vulnerabilities are published by NIST and other organizations with a view to alerting the public and encouraging them to update their plugins.

Example List of WordPress vulnerabilities
https://nvd.nist.gov/vuln/search/results?form_type=Basic&results_type=overview&query=wordpress&search_type=all

However, since this information is also available to hackers, they write software to exploit these vulnerabilities one after another and attack WordPress sites in large numbers.

Hackers target vulnerabilities that are highly dangerous (and cost them nothing to exploit), such as vulnerabilities in popular plugins that allow files on the site to be downloaded or modified without logging in.

Are there a large number of dangerous vulnerabilities?

While a large number of plugin vulnerabilities are discovered every day, the most dangerous vulnerabilities in popular plugins are actually quite rare (I think there are only a few per year).

However, even a few per year add up to dozens of serious vulnerabilities over a few years, and there is a huge number of sites that have not updated their plugins in several years.

This is why hackers seek out and attack sites that have old and dangerous vulnerabilities.

How to deal with vulnerabilities: vulnerability testing

The easiest way to squash a vulnerability in a plugin is to update the plugin. However, many plugins are no longer updated, and their vulnerabilities are left unfixed.
In this case, the plugins should be checked for vulnerabilities, and if any are found, the affected plugins should be deactivated and removed (it is also possible to modify an individual plugin's code to close the vulnerability, but this is more difficult).

Vulnerabilities can be searched for at the following sites:
https://nvd.nist.gov/vuln/search/results?form_type=Basic&results_type=overview&query=wordpress&search_type=all

WPSCAN
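The procedure above (read the version of each installed plugin, compare it against published advisories, then update where a fixed release exists and deactivate/remove where none does) can be automated. The following is an added example written for this article, not code from the page, from Wordfence, WPScan or NVD. It reads the `Version:` header that WordPress plugin main files carry and matches it against a constructed, hypothetical advisory list; the plugin slugs, versions and advisories are all made up for the illustration, and a real run would populate `ADVISORIES` from NVD or WPScan exports.

```python
import re

# Constructed sample plugin main files in the header format WordPress reads
# (the "Plugin Name:" / "Version:" comment block). Not taken from any real plugin.
SAMPLE_PLUGIN_FILES = {
    "example-gallery/example-gallery.php": """<?php
/*
Plugin Name: Example Gallery
Version: 1.4.2
*/
""",
    "example-forms/example-forms.php": """<?php
/**
 * Plugin Name: Example Forms
 * Version: 3.0.1
 */
""",
    "example-seo/example-seo.php": """<?php
/*
Plugin Name: Example SEO
Version: 2.2.0
*/
""",
}

# Constructed, hypothetical advisory records standing in for what you would pull
# from NVD or the WPScan database. fixed_in=None means no patched release exists
# (the "plugin no longer updated" case the article describes).
ADVISORIES = [
    {"slug": "example-gallery", "fixed_in": "1.5.0",
     "summary": "unauthenticated file download (constructed)"},
    {"slug": "example-forms", "fixed_in": None,
     "summary": "unauthenticated file modification, plugin abandoned (constructed)"},
    {"slug": "example-seo", "fixed_in": "2.1.0",
     "summary": "stored XSS (constructed)"},
]

# Same tolerant prefix WordPress uses when reading file headers: leading
# spaces, tabs, '/', '*', '#' or '@' before the field name are ignored.
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:\s*(.+?)\s*$", re.MULTILINE)


def plugin_version(file_text):
    """Return the Version: header value of a plugin main file, or None if absent."""
    m = HEADER_RE.search(file_text)
    return m.group(1) if m else None


def parse_version(v):
    """Turn '1.4.2' into (1, 4, 2); non-numeric parts are ignored."""
    return tuple(int(x) for x in re.findall(r"\d+", v))


def version_lt(a, b):
    """True if version string a is older than b; shorter tuples are zero-padded
    so that '1.4' and '1.4.0' compare equal instead of '1.4' looking older."""
    ta, tb = parse_version(a), parse_version(b)
    n = max(len(ta), len(tb))
    return ta + (0,) * (n - len(ta)) < tb + (0,) * (n - len(tb))


# Severity order: if one plugin has several advisories, the worst outcome wins.
RANK = {"ok": 0, "update": 1, "remove": 2}


def assess_installed(plugin_files, advisories):
    """Map each installed plugin slug to 'ok', 'update' (a fixed release exists
    and the installed version is older) or 'remove' (vulnerable, no fix published)."""
    installed = {}
    for path, text in plugin_files.items():
        slug = path.split("/")[0]          # wp-content/plugins/<slug>/<file>.php
        ver = plugin_version(text)
        if ver is not None:
            installed[slug] = ver
    report = {slug: "ok" for slug in installed}
    for adv in advisories:
        slug = adv["slug"]
        if slug not in installed:
            continue
        if adv["fixed_in"] is None:
            status = "remove"
        elif version_lt(installed[slug], adv["fixed_in"]):
            status = "update"
        else:
            status = "ok"
        if RANK[status] > RANK[report[slug]]:
            report[slug] = status
    return report


if __name__ == "__main__":
    for slug, status in assess_installed(SAMPLE_PLUGIN_FILES, ADVISORIES).items():
        print(f"{slug}: {status}")
```

On a live site the `SAMPLE_PLUGIN_FILES` dictionary would be replaced by reading each `wp-content/plugins/<slug>/*.php` main file from disk. The `remove` outcome is the important one: a plugin with a known unauthenticated file-download or file-modification flaw and no fixed release should be deactivated and deleted rather than left installed.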

Our plugin allows you to easily check for 2,000 of the most dangerous vulnerabilities. We hope you will use this service as well.
Free WordPress Malware Scan & Security Plugin [Malware and Virus Detection and Removal]