WordPress, with it's ever-growing popularity, is an attractive target for attackers. Many of its security issues come from third-party plugins and themes. Getting these listed on WordPress.org requires approval and must adhere to a strict list of guidelines. After this initial approval, however, future changes go through a less-stringent vetting process. This means your secure plugin of today could be your attacker's plugin of choice when it is updated in six months.
This case study reviews popular plugins and themes on WordPress.org to determine the general security posture of third-party plugins.
Download the case study to explore:
- The general findings;
- Best practices when deploying third party software;
- How to mitigate common and newly discovered vulnerabilities.