Why is it important to keep your WordPress plugins up to date?

I just looked through client maintenance logs and noticed a large number of hacking attempts against one of the sites. Luckily, the attempts are just attempts, without any success.

Looking into the details, I noticed two main themes:

  1. The attempts come from many different IP addresses across the world
  2. Two WordPress plugins are the main focus

It appears the attempts are focused on known vulnerabilities in the two WordPress plugins, clearly in the hope that the plugins have not been updated. The site in question did not have those plugins installed in the first place, so there was no chance to begin with.

An outdated plugin with a vulnerability may allow an attacker to achieve Remote Code Execution (RCE), essentially taking over the site: modifying its contents, destroying the site, or using its resources for coin mining, as an example. Coin mining has become a trendy activity, along with WannaCry-type blackmailing activities, as those offer a direct opportunity to make real money.

The other point indicates that a botnet is at work. Botnets use compromised hosts, such as Windows PCs, to harness their computing and networking capabilities for malicious activities. Botnets rely on the power of volume: they can have thousands of compromised hosts under control and use those hosts for varying malicious purposes at very large scale. One common use case for botnets is Distributed Denial of Service (DDoS), which saturates and overloads the target system so badly that it can no longer serve its original purpose. You do not want your own computer to be part of such a botnet.
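To look for the same two patterns in your own logs, this added example (not part of the original post) groups requests under /wp-content/plugins/ by plugin and counts the distinct source addresses per plugin. It assumes a combined-format access log; the log lines, plugin names, file paths and the `min_ips` threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format prefix: ip ident user [time] "METHOD path proto" status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+)[^"]*" \d{3} ')
PLUGIN_RE = re.compile(r"/wp-content/plugins/([A-Za-z0-9._-]+)/([^?#]*)")
STATIC_RE = re.compile(r"\.(css|js|png|jpe?g|gif|svg|woff2?|ttf)$", re.I)

def summarize_plugin_probes(lines, installed, min_ips=3):
    """Return plugin slugs requested from at least min_ips distinct addresses."""
    ips, hits = defaultdict(set), defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        p = PLUGIN_RE.search(m.group(2)) if m else None
        if not p:
            continue  # malformed line, or not a plugin path
        slug, rest = p.group(1).lower(), p.group(2)
        # Browsers legitimately fetch static assets of installed plugins.
        if slug in installed and STATIC_RE.search(rest):
            continue
        ips[slug].add(m.group(1))
        hits[slug] += 1
    report = [
        {"slug": s, "hits": hits[s], "distinct_ips": len(addrs),
         # A plugin that is installed and being probed is the one to patch first.
         "action": "update-first" if s in installed else "not-installed"}
        for s, addrs in ips.items() if len(addrs) >= min_ips
    ]
    return sorted(report, key=lambda r: (-r["distinct_ips"], r["slug"]))

def _line(ip, path, status):
    # Builds one constructed log line; not taken from any real log.
    return f'{ip} - - [01/Jan/2019:10:00:00 +0000] "GET {path} HTTP/1.1" {status} 512 "-" "-"'

P = "/wp-content/plugins/"
SAMPLE_LOG = [  # constructed: documentation-range IPs, placeholder plugin names
    _line("192.0.2.10", P + "example-forms/includes/handler.php", 404),
    _line("192.0.2.10", P + "example-forms/includes/handler.php", 404),
    _line("198.51.100.7", P + "example-forms/includes/handler.php", 404),
    _line("203.0.113.44", P + "example-forms/includes/handler.php", 404),
    _line("203.0.113.44", P + "example-slider/admin/ajax.php", 404),
    _line("192.0.2.10", P + "example-slider/admin/ajax.php", 404),
    _line("198.51.100.7", P + "example-slider/admin/ajax.php", 404),
    _line("192.0.2.99", P + "example-gallery/style.css?ver=1.2", 200),
    _line("192.0.2.99", "/index.php", 200),
]
INSTALLED = {"example-gallery"}  # constructed list of installed plugin slugs

if __name__ == "__main__":
    for row in summarize_plugin_probes(SAMPLE_LOG, INSTALLED):
        print(row)
```

Feed it the real list of installed plugin slugs: anything reported as `not-installed` is background probing, while `update-first` marks an installed plugin that is receiving the same kind of attention.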

So, to cut to the chase, here’s the beef of the story, in the form of a short list of recommendations:

  • Make sure that your computers are free from malware, and that the respective scanners are installed and up to date.
  • Ensure that your computer operating system and other applications are up to date.
  • Keep updating your WordPress version and plugins, and always keep them at the latest version.
  • Deactivate and also remove (!) all plugins that you are not actively using.
  • Lastly, if everything else fails, you should have backups readily available, and have tested that you can recover systems from those backups.

April 29, 2019


Ilari Arovuo

Ilari is Partner at GRIT Online and has nearly 40 years of experience in computer sciences, programming, IP networks, cyber security, telecommunications and international business management.

