If you are using WordPress, chances are good that you are using plugins as well, and hopefully you are always keeping them up to date.
Recently I’ve been diving deeper into WordPress security and it’s a bit scary. According to Wordfence, plugin vulnerabilities represent 55.9% of the known entry points. That is a huge number!
Don’t get me wrong: plugins are great! Thanks to them you can greatly expand the capabilities of your website, but I often encounter cases where clients keep using plugins that they do not actually need at all, plugins that are no longer maintained, or plugins whose source code is simply of poor quality.
This is an especially big problem for people who try to manage their site themselves and have no previous programming experience. They are not able to assess the quality of a plugin they want to use, so it’s easy to make a mistake.
It would be very useful to have a list of selected plugins that have been tested by professional developers and which you can safely use on your website.
Another problem is that there is no control over what a plugin has access to. By installing a plugin you give it access to the entire website, including the database. The plugin can therefore extract data from the database, and you have no influence over what kind of data it is.
So make sure that you are using only plugins that you really need, and always keep them up to date. Also, don’t forget to back up your website and database once in a while.