Make your CMS faster

Find Out More

Platform Optimised Hosting

Back to blog

WordPress Plugin Vulnerabilities

Phil BackhousePhil18 February 2020

Following on from our post last month about the Code Snippets flaw, we are seeing more and more articles detailing WordPress Plugin Vulnerabilities. Recent add-ons affected include ThemeGrill Demo Importer, Profile Builder and GDPR Cookie Consent. It’s estimated that there are close to 1 million active installs on these 3 plugins alone.

Preventing WordPress Plugin Vulnerabilities

The simplest way to avoid your website being exploited is to keep your WordPress themes and add-ons updated as and when they are released.

Automating WordPress Updates

Softaculous
If you use Softaculous to create your WordPress installs it’s possible to set both themes and plugins to be updated automatically. This means that when a new release is made available your website will download and apply the update for you. This can be toggled via ‘Advanced Options’ when running the WordPress install.

softaculous-auto-upgrade

Through Functions.php
You can set WordPress to automatically install all plugin updates by simply adding a piece of code to your theme’s functions.php file or a site-specific plugin. If you prefer not to edit your core files, Code Snippets is an easy to use add on which will allow you to implement within the background. The code to be used is:

add_filter( 'auto_update_plugin', '__return_true' );

To set themes to be automatically be updated use:

add_filter( 'auto_update_theme', '__return_true' );

Using a Plugin
Another option to use a plugin to update other plugins… Easy Updates Manager has strong reviews and a variety of features…

Easy Updates Manager is a light yet powerful plugin that allows you to manage all kinds of update- both on your single site install, or in WordPress Multisite. With a huge number of settings for endless configuration, Easy Updates Manager is an obvious choice for anyone wanting to take control of their website updates.

If you decide to implement an automatic update policy to avoid WordPress plugin vulnerabilities it’s advised to keep regular back ups of your website in case a new version of an add-on subsequently causes conflicts on the website.

Phil Backhouse
Phil

Technical Support

Phil is a dedicated member of our Client Technical Support team. Passionate about Linux and exploring the vulnerabilities of insecure plugins, Phil constantly hones his skills to stay ahead of potential threats.

@clookinternet

Dive into the powerhouse duo of cPanel & WHM and discover how they can streamline your web hosting and server management! 🌐🔧

Elevate your coding skills! 🚀💻 Swipe through for our best advice on boosting your code’s efficiency and clarity💡

Struggling with your emails landing in spam? 🧐 It’s likely due to missing email authentication!

Top-Notch Security with Imunify360 Keep your websites safe and secure with Imunify360.