Today’s recommended read is a good overview from NOUPE of recent vulnerabilities discovered in a number of leading WordPress plugins. This included File Manager, Page Builder, GDPR Cookie Consent, Duplicator, Site Kit by Google, and the InfiniteWP Client.
WordPress plugins are great tools to extend the functionality your site. Like any third party software you use, they can have issues and vulnerabilities. It is the reason why we recommend our Outcome Labs clients only to use plugins downloaded from the WordPress repository or directly from a recognized WordPress developer’s site if you are buying their commercial version. While we do utilize plugins with limited adoption (less than 10,000 installs), we recommend really researching who the plugin developer is and their reputation in the WordPress community.
We also recommend always keeping your plugins up to date. We validate and deploy updates within 24 hours of release for customers who are on a Outcome Labs WordPress Care Plan.
If you haven’t done it recently, check the WordPress updates page on your site today!