Wordfence Plugin Vulnerabilities - avoid WooCommerce plugin
#1
Wordfence is an excellent security plugin that is also available free for those who use WordPress.  They must be making a lot of money, as they have a team of specialists on WordPress doing real-time research all of the time.  They also have a treasure trove of up-to-date blog articles on security events (refer to the link at the bottom of this post).  Whenever a WordPress security event happens, such as the WooCommerce plugin that had to get an emergency patch recently following hackers gaining access to websites through the WooCommerce plugin, they also check wider than the WooCommerce plugin.  Wordfence then found similar issues as with WooCommerce in the following plugins as well, so if site administrators recognize them, they should take immediate preventive action:

Async JavaScript
Modern Events Calendar Lite
10Web Map Builder for Google Maps.

The above plugins exploit XSS vulnerabilities in the plugins that allow hackers to inject malicious JavaScript that can create rogue WordPress administrators and install malicious plugins that include backdoors.

These hackers are just getting better and better at it all of the time.  So it's important for site administrators to check whether they're using these plugins, or similar plugins, in order to avoid their websites being hacked.

With regard to the WooCommerce plugin: it has a reputation amongst seasoned WordPress users of being vulnerable and not reliable.  So for new users or WordPress users who are not power WordPress users, although this plugin is very attractive and can do a long list of attractive-looking tasks, it is best to avoid this plugin.

Here is a link to the Wordfence Security Blog article:
https://www.wordfence.com/blog/2020/02/s...abilities/

And a more general Wordfence Blog link for other security blog articles that have recently been published by Wordfence:
https://www.wordfence.com/blog/category/...-security/
The blog articles are eye-openers. Even the famous Duplicator Plugin was compromised recently. For me it sends a clear message to keep WordPress plugins to the bare minimum, and to only use plugins that have a very large following with a demonstrated and recent support and update record by the owner, and vetted by WordPress.
Terminal
Thank you to Post4VPS and VirMach for my awesome VPS 9!  
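
An added example, not part of the original post and not Wordfence's code: one way to run the check the post asks administrators to do, flagging the three named plugins and any administrator account that is unknown or was registered after a baseline date. It assumes CSV exports in the shape WP-CLI produces for `wp plugin list` and `wp user list`; the sample rows, slugs, version numbers, account names and baseline date are constructed, and matching on plugin title is an assumption because the post gives no slugs or affected versions.

```python
import csv
import io
from datetime import datetime

# Plugin titles named in the post above; matching on title is an assumption,
# since the page gives no slugs or affected version ranges.
WATCHLIST = {
    "async javascript",
    "modern events calendar lite",
    "10web map builder for google maps",
}

def flagged_plugins(plugin_csv):
    """Return (title, status, version) for installed plugins on the watchlist."""
    rows = csv.DictReader(io.StringIO(plugin_csv))
    return [(r["title"], r["status"], r["version"])
            for r in rows if r["title"].strip().lower() in WATCHLIST]

def unexpected_admins(user_csv, known_admins, baseline):
    """Return admins that are not in the known set or were registered on/after baseline."""
    cutoff = datetime.strptime(baseline, "%Y-%m-%d")
    hits = []
    for r in csv.DictReader(io.StringIO(user_csv)):
        registered = datetime.strptime(r["user_registered"], "%Y-%m-%d %H:%M:%S")
        if r["user_login"] not in known_admins or registered >= cutoff:
            hits.append((r["user_login"], r["user_registered"]))
    return hits

# Constructed sample exports (not real site data), shaped like the output of:
#   wp plugin list --fields=name,title,status,version --format=csv
#   wp user list --role=administrator --fields=ID,user_login,user_registered --format=csv
SAMPLE_PLUGINS = """name,title,status,version
akismet,Akismet Anti-Spam,active,4.1.3
example-slug-a,Async JavaScript,active,0.0.0
example-slug-b,Modern Events Calendar Lite,inactive,0.0.0
"""
SAMPLE_ADMINS = """ID,user_login,user_registered
1,siteowner,2018-05-01 09:00:00
7,editor_admin,2019-11-12 14:30:00
42,wpsupport_x,2020-02-20 03:14:07
"""

if __name__ == "__main__":
    for title, status, version in flagged_plugins(SAMPLE_PLUGINS):
        print(f"REVIEW plugin: {title} ({status}, version {version})")
    known = {"siteowner", "editor_admin"}
    for login, when in unexpected_admins(SAMPLE_ADMINS, known, "2020-02-01"):
        print(f"REVIEW admin: {login} registered {when}")
```
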

