Vulnerability testing of WordPress plugins should be performed on a regular basis. We will explain the reasons for this.
Nearly 60% of WordPress tampering (hacking) is caused by plugin vulnerabilities
Source: Www.Wordfence.Com
Here is a graph published by WordFence showing the causes of WordPress hacks.
Plugins come in first (nearly 60%), brute force (nearly 20%), WordPress files (less than 10%), and the theme (4th).
In other words, the most common and overwhelming cause of WordPress hacking is plugin vulnerabilities.
For this reason, we believe that WordPress plugin vulnerabilities are the most important security measure to be aware of.
Why are plugin vulnerabilities used for hacking?
WordPress plugin vulnerabilities are published by NIST and other organizations with a view to alerting the public and encouraging them to update their plugins.
Example List of WordPress vulnerabilities
https://nvd.nist.gov/vuln/search/results?form_type=Basic&results_type=overview&query=wordpress&search_type=all
However, since this information is available to hackers, hackers will create software to exploit these vulnerabilities one after another and attack WordPress in large numbers.
Hackers target vulnerabilities that are highly dangerous (and free for hackers), such as vulnerabilities in popular plug-ins that allow them to download or modify site files without logging in.
Are there a large number of dangerous vulnerabilities?
While a large number of plugin vulnerabilities are discovered every day, the most dangerous vulnerabilities in popular plugins are actually discovered in very small numbers (a few per year, I think). (I think there are only a few per year).
However, even a few per year can add up to a collection of dozens of strong vulnerabilities in a few years, and there is a huge number of sites that have not updated their plug-ins in several years.
This is why hackers seek out and attack sites that have old and dangerous vulnerabilities.
How to deal with vulnerabilities, vulnerability testing
The easiest way to squash a vulnerability in a plugin is to update the plugin. However, there are many plug-ins that are no longer updated and vulnerabilities are left unchecked.
In this case, the plug-ins should be checked for vulnerabilities, and if any are found, the plug-ins should be stopped and removed from use (it is also possible to program individual plug-ins to close vulnerabilities, but this is more difficult to do).
Vulnerabilities can be searched for at the following sites
https://nvd.nist.gov/vuln/search/results?form_type=Basic&results_type=overview&query=wordpress&search_type=all
Our plugin allows you to easily inspect 2,000 of the most dangerous vulnerabilities. We hope you will also use this service.
Free WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal].