According to the security firm Sucuri (yes, the same people we use to help secure our clients' sites), the first quarter of 2016 continued the trend of previous years, with WordPress websites coming under sustained attack.
As WordPress is the most popular content management system, it's not surprising that it is singled out in this way. However, it is worth noting that Sucuri reports that out-of-date copies of just three widely-used plug-ins were the point of entry in around one quarter of all the hacked WordPress websites it investigated.
The three plug-ins are RevSlider, Gravity Forms and TimThumb. Of these, RevSlider is suspected of being the route by which attackers got hold of the files of the world's fourth biggest offshore law firm, Mossack Fonseca, the so-called 'Panama Papers'.
Now, there's no need to panic if you know you have these plug-ins running on your site. So long as they've been kept up to date, the known security holes will have been patched.
The problem arises if your theme designer embedded earlier versions of these plug-ins directly into the theme. A copy bundled inside a theme is not registered with WordPress as a plug-in, so WordPress will not show you an update notice for it, and you are relying on the theme designer to ship a new theme version every time the plug-in is patched. Many will, but some won't, and because of the way the code has been embedded there is no easy way for you to update it yourself. Fortunately, this theme design practice has largely died out, but if you have an older theme it is worth looking inside the theme folder for bundled copies, checking when the theme was last updated and, if that hasn't been for a while, maybe considering a new look for your website!
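One way to find such bundled copies is to search the theme folders for the three plug-ins' main files and read the version each one declares. The script below is an added example written for this post, not code from Sucuri or from any of the plug-ins; it assumes the usual file names (timthumb.php, revslider.php, gravityforms.php), that TimThumb declares its version as a PHP VERSION constant and that the other two use the standard WordPress "Version:" plugin header. The theme tree it scans is a constructed fixture so the script runs offline; on a real site you would point it at wp-content/themes.

```shell
#!/bin/sh
# Added example: report plug-in copies bundled inside WordPress themes, with
# the version each copy declares. Assumed file names and version markers are
# noted inline; the fixture built by make_fixture is constructed for the demo.
set -u

# Print one line per bundled copy found under a themes directory:
#   <theme>: <plugin> <version>
scan_themes() {
  themes_dir=$1
  find "$themes_dir" -type f \
       \( -name 'timthumb.php' -o -name 'revslider.php' -o -name 'gravityforms.php' \) |
  while IFS= read -r f; do
    rel=${f#"$themes_dir"/}   # path relative to the themes directory
    theme=${rel%%/*}          # first path component is the theme folder
    plugin='' ver=''
    case "$(basename "$f")" in
      timthumb.php)
        plugin=TimThumb
        # Assumed marker: TimThumb defines its version as define ('VERSION', 'x.y.z');
        ver=$(sed -n "s/.*define *( *'VERSION' *, *'\([^']*\)'.*/\1/p" "$f" | head -n 1)
        ;;
      revslider.php)
        plugin=RevSlider
        # Assumed marker: standard WordPress plugin header line "Version: x.y.z"
        ver=$(sed -n 's/^[ *]*Version: *\(.*\)$/\1/p' "$f" | head -n 1)
        ;;
      gravityforms.php)
        plugin='Gravity Forms'
        ver=$(sed -n 's/^[ *]*Version: *\(.*\)$/\1/p' "$f" | head -n 1)
        ;;
    esac
    printf '%s: %s %s\n' "$theme" "$plugin" "${ver:-unknown}"
  done
}

# Build a constructed themes tree: one theme with TimThumb and RevSlider
# embedded, one clean theme. Prints the temporary root directory.
make_fixture() {
  root=$(mktemp -d)
  mkdir -p "$root/themes/old-theme/inc" \
           "$root/themes/old-theme/plugins/revslider" \
           "$root/themes/clean-theme"
  printf '%s\n' '<?php' "define ('VERSION', '2.8.10');" \
    > "$root/themes/old-theme/inc/timthumb.php"
  printf '%s\n' '<?php' '/*' ' * Plugin Name: Slider Revolution' ' * Version: 4.1.4' ' */' \
    > "$root/themes/old-theme/plugins/revslider/revslider.php"
  printf '%s\n' '/* Theme Name: Clean */' > "$root/themes/clean-theme/style.css"
  printf '%s\n' "$root"
}

# Demo run against the constructed fixture; on a real install use
#   scan_themes /var/www/html/wp-content/themes
fixture=$(make_fixture)
scan_themes "$fixture/themes"
rm -rf "$fixture"
```

Any line the script prints is a copy that WordPress's own update mechanism does not know about, so compare the reported version against the current release of that plug-in and, if it is behind, contact the theme author or replace the theme.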