WordPress Plugin Vulnerabilities
Following on from our post last month about the Code Snippets flaw, we are seeing more and more articles detailing WordPress Plugin Vulnerabilities. Recent add-ons affected include ThemeGrill Demo Importer, Profile Builder and GDPR Cookie Consent. It’s estimated that there are close to 1 million active installs on these 3 plugins alone.
Preventing WordPress Plugin Vulnerabilities
The simplest way to avoid your website being exploited is to apply updates to your WordPress themes and add-ons as and when they are released.
Automating WordPress Updates
If you use Softaculous to create your WordPress installs it’s possible to set both themes and plugins to be updated automatically. This means that when a new release is made available your website will download and apply the update for you. This can be toggled via ‘Advanced Options’ when running the WordPress install.
You can set WordPress to install all plugin updates automatically by adding a piece of code to your theme’s functions.php file or to a site-specific plugin. If you prefer not to edit those files, Code Snippets is an easy-to-use add-on that lets you add the code without editing files. The code to use is:
add_filter( 'auto_update_plugin', '__return_true' );
To set themes to be updated automatically, use:
add_filter( 'auto_update_theme', '__return_true' );
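As an added example (not code from the original post or from WordPress itself), the two filters can be packaged as a site-specific plugin that auto-updates everything except a short list of plugins you want to test by hand first. The plugin name, function name and the held-back slugs are assumptions for illustration; the file would be saved in its own folder under wp-content/plugins and activated like any other plugin.

```php
<?php
/**
 * Plugin Name: Site Auto Updates (example)
 * Description: Enables automatic plugin and theme updates, holding back a pinned list.
 */

// Stop direct requests to this file outside WordPress.
if ( ! defined( 'ABSPATH' ) ) {
    exit;
}

// Hypothetical slugs to hold back for manual testing; replace with your own.
const EXAMPLE_HELD_BACK_PLUGINS = array( 'example-shop-plugin', 'example-page-builder' );

/**
 * Decide per plugin whether WordPress may auto-update it.
 *
 * @param bool|null $update WordPress's default decision for this item.
 * @param object    $item   Update offer; $item->slug is the plugin's directory name.
 * @return bool
 */
function example_auto_update_plugin( $update, $item ) {
    if ( isset( $item->slug ) && in_array( $item->slug, EXAMPLE_HELD_BACK_PLUGINS, true ) ) {
        return false; // Pinned: update by hand after testing on a staging copy.
    }
    return true; // Everything else is updated automatically.
}
// Priority 10, two arguments so the callback receives $item as well as $update.
add_filter( 'auto_update_plugin', 'example_auto_update_plugin', 10, 2 );

// Themes: same effect as the one-line filter shown above.
add_filter( 'auto_update_theme', '__return_true' );
```

Returning false for a held-back slug means that plugin only changes when you update it manually, so it still needs checking for new releases.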
Using a Plugin
Another option is to use a plugin to update other plugins… Easy Updates Manager has strong reviews and a variety of features…
Easy Updates Manager is a light yet powerful plugin that allows you to manage all kinds of updates, both on your single site install and in WordPress Multisite. With a huge number of settings for endless configuration, Easy Updates Manager is an obvious choice for anyone wanting to take control of their website updates.
If you decide to implement an automatic update policy to avoid WordPress plugin vulnerabilities, it’s advised to keep regular backups of your website in case a new version of an add-on subsequently causes conflicts on the website.