Announcements
PlugIn Danger
- Details
- Category: Announcements
I attended the Security Lock webinar last night 11/16. As usually Regina had some excellent information to talk about.
The title of the webinar tells it all - Uncovering The Hidden Dangers of the Shiney PlugIn Syndrome.
Addicted to plugins? There is a danger. Not all plugins are created equal. Many are allowed to get old and are no longer supported. Many are poorly written. There are those who spend their whole existing looking for the backdoors wreaking havoc everywhere they can.The more plugins you have, the longer it takes for the site to load. delete the plugins you have deactivated. Even deactivated plugins make the site slow down. The script is written to search every plugin to know what and what not to run.
Delete Immediately And Don't Use
By the time this review is posted, these two plugins may already have been deleted from the database
wp touch
backup buddy
timthumb vunerability the plugin has been updated, install the upgrade tonight. She was adamanat about this one it is that important.
Check your installed plugs in regularly
Check the database at Wordpress. You are looking for updates and more important that the plugin is still listed and supported. If plugins are no longer actively supported - do not use Beware old plugins that have not been updated in years learn to read the change log
deactivate and delete, do not leave it on your site. Blogs require regular maintainence. It is better by far to be safe and not sorry.
Some plugins may conflict with others. You know it happens when all you see is the white screen of death. Login and rename the plugin, it will disable it. Clever comment spam, dont approve them. when you do, it can open a back door to the site.Approve only relevant comments for quality control
www.exploit-db.com actually lists spammers and how they hacked a plugin. Hackers are very proud of the work they do and even tell other hackers how they did it. Kathy was telling me this morning that you can even check out YouTube to see how hackers do it. Can you imagine how much they could do if they created helpful programs instead of just working to wreck the hard work you do.
Don't click a link on an article without checking the link in your task bar. If the link isn't showing in the task bar, go to file ---> edit ---> view ---> task bar. This can help you to avoid going to sites or links that were hacked and may be different than the link the writer included
Another resource Regina shared is http://www.unmaskparasites.com/ This is a free site that will check your site, blog, cms any site on the web to make sure it is "clean" and free of parasites. I tried it and it works great
Help out, report problems
Delete junk from the database for footprints left behind. use with extreme caution/ plugin called clean options. search for orphans - be very careful deleting them do check over them before deleting them
Before removing anything back up your database. Do one thing at a time, check the site before going on to the next
You can find Regina's blog right here in the Study Hall in our blog posts. You can also find out more about Regina and all that she does at
www. nams.ws/audit
www.nams.ws/secure