Three Most Popular Plugins Easily Hacked

Cloudflare WAF Protection Bypassed Using Basic Scripts

Wordfence published the results of recent research showing how basic, unmodified scripts were able to exploit three of the most popular WordPress plugins on websites protected by the Cloudflare WAF. If you run a WordPress website, you’ll want to read this report.

Their research confirmed that it is possible to bypass the Cloudflare Pro WAF using basic, publicly available attack scripts. After raising Cloudflare’s security settings from their defaults to their highest levels, Wordfence researchers ran attacks against a protected test site to see whether they could get past Cloudflare without any special techniques. Using unaltered, off-the-shelf scripts, they gained undetected access through the following well-known vulnerable plugin versions:

  • Revolution Slider v2.3.91
  • MailPoet v2.6.4
  • Gravity Forms v1.8.1
  • Timthumb v1.12

It is widely known that Slider Revolution, Gravity Forms and TimThumb are three of the most frequently exploited plugins. According to the report, twenty-five percent of WordPress website hacks occur through one of these three plugins.

The free version of Wordfence blocked these same attacks, and it provides excellent security for your WordPress website. Visit Wordfence’s article for more information about the Cloudflare findings and to watch their video demonstrating Cloudflare being bypassed by these exploits.

Revolution Slider is hugely popular and provides user-friendly, beautifully customized sliders for every situation you can think of. Gravity Forms is also one of the most popular plugins ever, and many of our sites use both. Hackers live to hack and make your WordPress life miserable. Does that mean you shouldn’t use these plugins? Absolutely not.

It does mean that you need to take WordPress security seriously, though. There is a long list of security measures you should have in place and be managing daily, weekly and monthly. In this article, we discuss 7 Easy Steps – WordPress Security for Beginners. I also recommend you check out “How to Protect Your Website From Brute Force Attack.”

Today’s attacks are sophisticated, highly distributed and well organized – making information security more complex than ever. Don’t leave your security to chance. Our experts receive breaking alerts and implement next-level protection measures in real time. Not only can we facilitate highly secure hosting and website maintenance, we can also significantly reduce the chances that your WordPress website will succumb to a brute force or other malicious attack.

Have you been hacked? Do you have a strong WordPress maintenance and security system in place that protects your site and tells you in real time when it is under attack? There is a lot to know about WordPress and server-level security. If you aren’t sure whether your site is protected, give us a call or reach out to us via email.

We custom tailor high-speed, secure hosting and website maintenance solutions for each client. Don’t lose sleep over website security. We’ve got you covered.

Jillian Vanarsdall
Founder of Blue Iris Marketing, an inbound marketing agency assisting businesses, from start-ups to high-growth firms, to phenomenally tell their unique story in a noisy digital world. Our services include inbound marketing, WordPress web design and development, SEO, and social media.
