Last week we found out that WordPress SEO by Yoast had a security compromise. Messages were blasted out everywhere: Update Your Plugins! (Actually you should be okay, because the issue was so severe that WordPress.org did a forced update for everyone.) But you still should update your plugins!
This brings up a very serious topic I have been talking to my clients about. Plugins are the easiest backdoor for a hacker to walk through. Although we would like to think that this was an isolated incident, the only reason it was blasted from high and low is because WordPress SEO is the #1 downloaded WordPress plugin.
Trust me, bloggers big and small get hacked every day because of old code in a plugin.
I have worked with a lot of bloggers over the past few months who want some help with their blog’s functionality. The first thing I always check is plugins. I have been amazed by the sheer number of un-updated plugins, from both the blogger’s end and the builder’s end.
Most bloggers don’t realize that not updating plugins is a security risk. Their view is that their site is too small to be hacked. But that’s not true: a hacker doesn’t care how big you are. What they want is your platform; it doesn’t matter how big it is.
Here’s another thing you may not know.
A plugin is also vulnerable if the plugin author is not updating it.
I recently did a plugin check for a client and discovered two plugins that hadn’t been updated in over a year. That is a huge open door. Plugins are integrated into the code that WordPress is built on. If the author does not update his plugins, but your WordPress code is constantly being updated, then the code gets further and further from matching up.
Think of it as a zipper. The plugin is one side, and WordPress is the other. As long as both are up to date, the zipper is all zipped up. But if one of them is not updated, the zipper starts opening and any Tom, Dick or Harry can climb in your hoodie.
Just remember, plugin authors are human and humans make mistakes, as was the case with WordPress SEO by Yoast. Humans can also decide they don’t want to do the same job anymore and abandon a plugin. It is your responsibility to stay on top of your plugins and WordPress updates.
If you need help, you can always ask. But for now, go log in to your WordPress dashboard and update your plugins!