Plug-Ins That Left Thousands Of Shoppers On WordPress Sites Vulnerable On Black Friday And Cyber Monday

Thousands of Americans geared up for massive shopping events all across the dotcom world as Thanksgiving came to an end. Little did they know that their bank details and private information was being laid bare by the securityplug-ins used by hundreds of ecommerce platforms?Thanksgiving Day, Black Friday and Cyber Monday saw thousands of shoppers literally hand out their account and card details to hackers all over the internet.

No, this is not the prologue of a horror story. This is a very recent event that left the tech-world stricken with the horror of multiple breaches of privacy on trusted WordPress based ecommerce websites. The specific names of the websites have not been mentioned or the names (versions) of the plug-ins used by them, but the most recent report show us that over 100,000 websites were left defenseless.

What is the most noted vulnerability?

blog-banner

We might choose to turn a blind eye to the faults of our favorite CMS platform and website templates, but WordPress plug-ins have massive security problems. Of the many vulnerabilities that were unearthed this November the worse may have been an unpatched version of Revolution Image Slider Plug-in. This was essentially an out-of-date version of RevSlider that was used extensively by WordPress websites. This plug-in was used to leak massive amounts of personal data in the notorious Panama Papers leak in April 2016. This correlated to the leak of over 2.6 TB of data and 11.5+ million documents during that time.

Very recently, DynamicPress fixed a major loophole in the WordPress plug-in design that could allow any third party to upload malicious files running on Neosense WordPress templates. This was earlier in September, and possibly all the websites using the concerned themes and the servers hosting them as well.

Crunching the numbers –
About 50 percent of the websites that were attacked by the cyber criminals used out-of-date security features and none of their plug-in versions were updated. This was later confirmed by a report released from Website Hacked Report. It was also when WordPress plug-ins wasdeclared to be at fault, since 78 percent of all hacked websites were WordPress sites.

The word in the market –
Checkmarx has analyzed 12 top ecommerce website plug-ins for WordPress to unveil their significant security threats. Out of the 12, 4 plug-ins have high risk vulnerabilities. Reflected XSS was the most commonly found fault among the faulty plug-ins and an SQL injection was found in at least one of them. File manipulation was a common factor in all the compromised plug-ins that was being used by over 100,000 online stores. By the time Black Friday shopping was over, millions of account details were already in the hands of hackers. If the vulnerabilities have been exploited by the hackers to their full potential then the users of 135,000+ websites could find their sensitive information in the hands of cyber criminals.

Why do people usually go with WordPress?
Most online retailers and entrepreneurs go for WordPress since they are easy to set up and publish. The lion’s share of work on the website is done by the plug-ins. The admin’s main responsibility is to check if all updates take place on time. In the most recent trend of events, even physiotherapists, dentists and physicians are turning to WordPress for creating their online profiles. But the trend is stronger among the clinics and healthcare organizations that commission their services.

WordPress is their primary choice simply because the templates are ready-to-use and mobile friendly, you can monitor traffic real-time and you can easily make your healthcare related website SEO friendly. Each and every template and theme from WordPress comes with SEO features. Be it medical SEO, physiotherapy SEO, neurology SEO or dental SEO marketing, your chosen WordPress theme is probably equipped enough to handle it! Thus by choosing WordPress you can automatically stay ahead of your competition.

Why was the WordPress incident not an incorrigible mess?
Now, with the most recent threats experienced by WordPress website users it might be normal to experience a decline in footfall. But thankfully enough, most of your website visitors are not expert enough to tell what CMS platform you are using. On the other hand, there was a very recent security scandal that involved Joomla! websites as well. This was after WordPress was diagnosed with serious vulnerabilities. The Joomla! security announcements were made on 26 October 2016. This not only distracted the more well-learned audiences but also proved that these kinds of threats do happen.

That extra bit to boost your sales –
But you can take the extra step and send out mailers to all your clients, and publish customized posts through your social media accounts about the measures you have taken to protect your clients. The most important things you need to clarify here should include – the version of engine you may be using, the updated version of the security plug-ins and the added security measures that you have adopted after the incident that took place in late November.

A word to the WordPress website owners –
It is not impossible to steer clear of all security issues all the time. as your security evolves, so does the technology of hacking. In a Red Queen’s race of survival, no one can definitively best the other. If you are safe today, that is only a temporary relief. You need to constantly upgrade your plug-ins and security with the latest security patches to keep your firewalls strong. Keep running vulnerability tests on your websites and commission help from agencies who specialize in doing so. It is always better that you find an overlooked backend entrance rather than a team of hackers show it to you.

Author bio: Anthony Perez is a well known name in the fields of cyber security and digital marketing. He has been an SEO expert and has been honing his skills for the last 6 years. He has been dabbling with cyber security only recently. If you have any queries about marketing strategies, like – health SEO strategies, dental SEO marketing and doctor SEO options reach out to Perez with your questions.

About Sonnal S Sinha

Sonnal S SinhaSonnal S Sinha is a passionate writer as well as WordPress and WooCommerce rockstar who loves to share insights on various topics through his engaging blog posts. He runs a successful website design and digital marketing company. With 15+ years of experience in WordPress theme development, he strives to inform and inspire readers with his thought-provoking content. He helps thousands of small and medium businesses and startups create a unique online presence. Follow Sonnal S Sinha for your regular dose of knowledge and inspiration.