The Dangers Of 3rd Party Plugins
Written by Dianne Fratscher
You are probably aware of at least one, and perhaps all, of the following programs:
- Mozilla Firefox
- Internet Explorer
- WordPress
- Joomla
- ZenCart
Firefox and Internet Explorer are internet browsers that millions of people have installed on their computers today, with more installations occurring on a daily basis.
WordPress, Joomla and ZenCart are all 'Open Source' scripts that can be installed in your webspace for various purposes. Please keep in mind that each of the programs listed is simply an example of the software available today that encourages the creation of what are known as '3rd Party Plugins'.
WordPress, for example, has an extensive repertoire of plugins that expand the base functions of this popular blogging platform. However, it's imperative that you are aware that the majority of these add-ons are not created by the software developers. Instead, they are created by programmers - people who have a reason for writing special PHP code snippets that will integrate with the main software to perform a particular task.
This is where the danger can lie. More often than not, we simply put our trust in the creator of the plugin (or add-on) and install their code, whether it's on a website or on our computer. Occasionally, however, the code may be vulnerable to attacks by hackers, and by installing it you may be opening your computer or website to the risk of attack.
It is very important that you are aware of the potential security risks that you're facing when using website scripts of any type, including 3rd party add-ons. It is heartbreaking to wake up in the morning to discover that your website has been vandalized during the night, or to find that it's missing altogether. There is also the possibility that an add-on has more malicious intentions: to infect your website visitors' computers with a virus (and yes, this is entirely possible).
One of my clients recently received an email from Google:
We recently discovered that some of your pages can cause users to be
infected with malicious software. We have begun showing a warning page
to users who visit these pages by clicking a search result on Google.com.
During an audit of her website, my client discovered some suspicious code in one of her WordPress plugins. So how did it get there? Well, that is hard to say. It could have been the malicious intent of the plugin creator, or perhaps there was a security vulnerability within the plugin that let a hacker in, who then placed the malicious code into the plugin code. The intent of the code, however, was to infect the blog visitors' computers with a virus of some sort.
Can you imagine the feeling of receiving an email like that from Google? That's not something that any of us would like to have happen!
I've put together several tips that will help to ensure that the 3rd party add-ons you're using are safe:
1. Research the plugin developer. If the creator of the plugin has been an active participant in the community forums of the main software, you should be able to get a general feeling for the type of person they are and whether they're a code developer.
2. Make sure the plugin is up-to-date. Most software is updated on a regular basis, and plugins often require updating to ensure they'll still function properly with the latest software versions. If the plugin hasn't been updated in quite some time, installing it may pose a security risk.
3. Do a Google search for the plugin to see what others are saying about it. User feedback can often be the best resource out there. If others have had trouble with the plugin, then you may be better off staying away.
These tips won't guarantee that your website or browser will never be hacked or hijacked, but it is important that you are aware of the danger of 3rd party plugins.
For website scripts like those noted above, I strongly recommend that you download backups of your website on at least a weekly basis to ensure that you always have a recent backup you can upload in case of emergency. It is important to discover where the vulnerability is within any installed scripts, but at least you'll be able to ensure that none of your website visitors will be affected by malicious code.
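One way to carry out the kind of audit described above is to use a downloaded backup as a known-good baseline and list every plugin file that has been added, removed or changed since. This is an added example, not code from the original article; the directory names and the sample plugin files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def hash_tree(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def diff_against_backup(backup_dir, live_dir):
    """Return files that were added, removed or modified since the backup."""
    backup, live = hash_tree(backup_dir), hash_tree(live_dir)
    return {
        "added": sorted(set(live) - set(backup)),
        "removed": sorted(set(backup) - set(live)),
        "modified": sorted(f for f in set(backup) & set(live)
                           if backup[f] != live[f]),
    }

def build_sample(tmp):
    """Constructed sample: backup and live copies of one hypothetical plugin."""
    backup, live = Path(tmp, "backup"), Path(tmp, "live")
    for base in (backup, live):
        plugin = base / "example-plugin"
        plugin.mkdir(parents=True)
        (plugin / "plugin.php").write_text("<?php // plugin bootstrap\n")
        (plugin / "readme.txt").write_text("Example plugin\n")
    # Simulate changes on the live site: one edited file, one unexpected file.
    (live / "example-plugin" / "plugin.php").write_text(
        "<?php // plugin bootstrap\n// unexpected extra line\n")
    (live / "example-plugin" / "cache.php").write_text(
        "<?php // file not present in backup\n")
    return backup, live

def demo():
    """Run the comparison on the constructed sample and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = build_sample(tmp)
        return diff_against_backup(backup, live)

if __name__ == "__main__":
    for kind, files in demo().items():
        for name in files:
            print(f"{kind:9} {name}")
```

A legitimate plugin update also shows up as modified files, so each hit needs a manual look. A backup taken after the code was injected will already contain it, which is why keeping several older backups helps.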