Outdated WordPress Support Plugins May Subject Website Owners to “Man-in-The-Middle” Attacks

By

Outdated WordPress Support Plugins

Today, WordPress continues to provide one of the most popular and widely used platforms for developing websites. Enterprises in the Greater Atlanta Area frequently utilize WordPress support plugins to add helpful features and services to web pages. Yet it remains vitally important to update site software (including plugins) on a timely basis. Failing to take this step potentially exposes site owners and their visitors to a variety of security threats.

DOWNLOAD OUR FREE WORDPRESS MAINTENANCE CHECKLIST

Malicious “Man-in-The-Middle” Attacks

Although the Internet offers remarkable access to information and services, cyber space remains fraught with a variety of hazards. Criminals sometimes exploit vulnerabilities in website software to take unfair advantage of other people. During “Man-in-The-Middle” attacks, they seek to insert themselves into transactions between website owners and visitors.

This type of online threat potentially harms both businesses and their prospective patrons. A Man-in-the-Middle attack may result in customers divulging a variety of sensitive financial and personal information under the assumption they have established communications with a legitimate site. The resulting data misappropriations may fuel identify thefts and/or result in customers sustaining monetary losses. Businesses also suffer significant harm when this crime occurs. An injured company may lose SEO ranking and sustain damage to its reputation. In some cases, con artists employ Man-in-The-Middle attacks to direct website visitors to competing sites.

Problems Due to Plugin Vulnerabilities

Recently, security analysts discovered a vulnerability in a WordPress plugin used to supply website support for real-time chat transcripts on a platform used in Facebook page messaging. Potentially, the problem would enable hackers to conduct a Man-in-The-Middle Attack and insert themselves into private conversations between Facebook page creators and visitors. Discovered on June 26, 2020, the issue prompted Facebook to patch the vulnerability quickly. A new, updated plugin became available on July 28th. The Facebook Chat Plugin version 1.6 corrects the recently detected flaw.

Unfortunately, over 80,000 installations of the previous plugin occurred. Some sites may still use older plugin versions. Potentially, the coding glitch allows an attacker to hijack chat conversations by linking the hacker’s own Facebook pages to sites using the vulnerable plugin. Security firms discovered glitches in the past affecting other WordPress plugins, including some offered by leading search engine companies.

An Ongoing Process of Detecting Software Vulnerabilities

Software glitches that constitute vulnerabilities sometimes do not become evident until days, weeks, months, (or even years) after online visitors begin using the impacted programs. Many factors contribute to vulnerabilities. These may include the release of new programs that fail to interact compatibly with older versions of software. Additionally, cyber criminals sometimes actively hunt for ways to exploit potential glitches in code.

The bottom line: to provide effective customer support, website owners need to ensure they actively update their software (including WordPress plugins) on a frequent basis. Only through a proactive effort to keep websites in a current, secure condition do site owners gain peace of mind today.

In large numbers, people visiting websites typically prefer online venues which maintain website security. The recent Coronavirus Pandemic resulted in a significant increase in remote workers in the United States. Presently, some security experts worry hackers may seek to damage insecure virtual private networks to exploit weaknesses, such as outdated plugins.

Obtaining Support Services For WordPress Websites

Enterprises that lack the time to oversee websites gain valuable support assistance by hiring full-time experts to provide this service. An experienced website developer may offer valuable input to help maintain and enhance site security. This process often includes simple (yet essential) tasks, such as regular site plugin updating!

DOWNLOAD OUR FREE WORDPRESS MAINTENANCE CHECKLIST

DoubleDome is a group of WordPress Web Designers and WordPress Support Experts based in Atlanta Georgia. Founded in 2000, DoubleDome offers 14 digital marketing services to clients across the country. Want to know how well your website is performing? Get A Free WordPress Website Scan for Speed, Security, Mobile Friendliness, & SEO Quality. Need help with your WordPress website? Get 24/7 Speed & Security Monitoring, Daily Backups, Upgrades, & UNLIMITED Technical Support with our WordPress Website Support Services.

Christopher Bradley

Post Written by

Chris co-founded DoubleDome Digital Marketing, merging his business degree and technical consulting experience with his fondness for all things Internet. Focused on sales & marketing, Chris has led DoubleDome to 20 straight years of profitability. He leads the marketing and sales groups.
Looking for an Atlanta Digital Marketing Company?

FREE Wordpress

Website Speed Test