GDPR Plugin Exploit
The popular WordPress plugin WP GDPR Compliance, which has over 100,000 active users, was temporarily removed from the WordPress plugin repository after serious vulnerabilities were discovered this week.
The vulnerabilities allow attackers to escalate their privileges, which could let them infect websites with malicious code and malware. Since the issue was exposed, an updated version of the plugin (1.4.3) has been released which patches the vulnerabilities. If you’re using this plugin on your website, you should update it immediately or disable it.
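The check described above, as an added example that is not part of the original article: a shell script that reads the plugin's version header in each WordPress root passed to it and flags anything below 1.4.3. The plugin directory and main file name `wp-gdpr-compliance` and all function names are assumptions; with no arguments it runs against constructed sample installs.

```shell
#!/bin/sh
FIXED_VERSION="1.4.3"              # patched release named in the article
PLUGIN_SLUG="wp-gdpr-compliance"   # assumed plugin directory and main file name

# Print the Version value from a plugin's header comment.
plugin_version() {
    sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9.]*\).*$/\1/p' "$1" | head -n 1
}

# Succeed when dotted version $1 is strictly lower than $2.
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# Print a one-line status for the WordPress root in $1; return 1 if outdated.
check_site() {
    main_file="$1/wp-content/plugins/$PLUGIN_SLUG/$PLUGIN_SLUG.php"
    if [ ! -f "$main_file" ]; then
        echo "$1: plugin not installed"; return 0
    fi
    installed=$(plugin_version "$main_file")
    if [ -z "$installed" ]; then
        echo "$1: version header unreadable, check manually"; return 2
    fi
    if version_lt "$installed" "$FIXED_VERSION"; then
        echo "$1: OUTDATED ($installed), update to $FIXED_VERSION or disable"; return 1
    fi
    echo "$1: ok ($installed)"
}

# Create a constructed sample install at $1 carrying plugin version $2.
make_sample_site() {
    mkdir -p "$1/wp-content/plugins/$PLUGIN_SLUG"
    printf '<?php\n/*\n Plugin Name: WP GDPR Compliance\n Version: %s\n*/\n' "$2" \
        > "$1/wp-content/plugins/$PLUGIN_SLUG/$PLUGIN_SLUG.php"
}

# No arguments: build constructed sample installs and check those instead.
if [ "$#" -eq 0 ]; then
    demo=$(mktemp -d)
    make_sample_site "$demo/site-a" "1.4.2"; make_sample_site "$demo/site-b" "1.4.3"
    set -- "$demo/site-a" "$demo/site-b" "$demo/site-c"
fi
outdated=0
for site in "$@"; do check_site "$site" || outdated=$((outdated + 1)); done
if [ -n "${demo:-}" ]; then rm -rf "$demo"; fi
echo "$outdated site(s) need attention"
```

Pass one or more WordPress root directories as arguments to check real installs; a site whose version header cannot be read is counted as needing attention rather than as safe.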
Why you should always keep plugins updated
We come across a lot of websites that have been neglected for a long period of time, with plugin updates left undone. Vulnerabilities like the recent one identified in the WP GDPR Compliance plugin are common. Developers are usually quick to resolve the issues and release an update. Unfortunately, a lot of websites using these plugins don’t update them straight away, leaving them open to attack. The GDPR vulnerability is a perfect example.
Automating the update process
It’s really easy to update plugins manually from the WordPress admin area. However, a lot of site owners may not log in frequently and struggle to get into the habit of checking their plugins regularly.
Thankfully there are some options available to automate the plugin update process.
Example: We use Automate from wpmudev for the 20+ websites we manage, ensuring all sites are always up to date.
Automate looks after 2 crucial parts of managing a website:
- Checks for updates to plugins, WordPress core and theme files.
- Takes a full backup of the website and automatically installs the updates.
Keep it even simpler and get a digital agency to manage your website for you!
We offer affordable managed hosting starting from $35 AUD per month. This covers everything to ensure your website keeps ticking along with zero hassles for you, including:
- Lightning fast hosting with Amazon Web Services
- 24x7x365 website performance monitoring
- Critical issue resolution
- Keeping plugins, core and theme files updated