Why Your WordPress Plugins And Theme Are The Key To Your Blog’s Security Issues

If you are going to make a web site these days, there are a few ways that you can go about it. The first way is to make it from scratch: just you, a text editor, and a graphics program, creating what is sure to become the next great web site. While having this much control over your web site can be rewarding, it can still take a long time, and you will be re-solving problems that other pieces of software have already solved.

Another way to build a modern site is to use a content management system, otherwise known as a CMS. This allows you to place a web site on the internet quickly and easily. Instead of the months that it would take you to build a web site, you can have one done in days, maybe even hours.

The most popular content management system right now is WordPress. WordPress is an open source content management system that most people use for blogs, but it can be shaped into any kind of web site that you would like. Some people think that the software is so popular because it is free. That is not the case. There are several other free content management systems out there, but they do not do the job as well as WordPress does. WordPress is so popular because of how easy it is to install and how easy it is to customize.

There are thousands of plugins and themes that allow you to change the look and function of WordPress into anything that you like. If you want your web site to look like a magazine, there are themes that will allow you to do that. If you want your WordPress installation to be a review web site, there are themes that can do that as well. You can get either free or premium themes. The same goes for plugins.

But along with this ability to customize the software there is a great risk. When you are placing these things in your WordPress installation you are introducing code that wasn’t there before. Let’s go into why this might be dangerous.


How do plugins and themes cause holes in your security?

As I said earlier in this article, when you add a theme or a plugin to your blog you are adding extra code to the web site. Unless you take a really close look at this code, you do not know what holes you are letting in. While it may seem like the add-on and your web site are two separate issues, that is not the case. The code is a security concern just as if you had installed the addition when you first created the web site.

When it comes to plugins in particular, you are introducing code that may have access to the database and a number of other core parts of the WordPress installation. If you are not sure how careful the coder was when creating the plugin, there can be a number of different holes awaiting you.

When it comes to the themes that you might place in your WordPress installation, the problem is less about internal access and more about the links that are added. There are a lot of themes out there that have links already in place. Sometimes these links are what is known as sponsored links. This means that instead of being paid to create the theme, the person who made it found a sponsor to advertise on the theme. But sometimes these sponsored links are not really sponsored at all. They are links that lead to another web site where some sort of malware is waiting for you. This has happened a lot with WordPress themes, especially the free ones. As the owner of the blog who has placed this malware link on your web site, you will get the blame. People do not know that this theme is something that you found. They will think that you placed the link on the site and tried to infect their computer.

How can you battle these security problems?

If you want to make sure that these security problems do not happen to you, then you must make sure that the place you download the plugin or theme from is safe. Most people who have a blog are not going to be able to check the code itself to know whether it is safe or not. So go by the reviews that you see posted about the plugin or theme and take your cue from them. Try your best to go to trusted web sites to get these pieces. There are more people there to verify that what you are downloading is not a trap for your users.
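
For readers who can run a script, the theme links described earlier can at least be listed before a theme goes live. The following Python sketch is an added example, not part of the original article: it walks a theme folder and reports every link that points to a host outside a list you trust. The sample theme, the host names ending in .example and the allowed-host list are constructed for illustration.

```python
import re
import tempfile
from collections import defaultdict
from pathlib import Path
from urllib.parse import urlparse

# File types in a theme that can carry markup or links.
THEME_EXTENSIONS = {".php", ".html", ".htm", ".js", ".css"}
# Absolute or protocol-relative URLs in href/src attributes; the optional
# backslash covers quotes escaped inside a PHP echo string.
LINK_RE = re.compile(r"""(?:href|src)\s*=\s*\\?["']((?:https?:)?//[^"'\s>\\]+)""", re.I)


def external_links(theme_dir, allowed_hosts):
    """Return {host: [(file, line_no, url), ...]} for hosts not in allowed_hosts."""
    allowed = {h.lower() for h in allowed_hosts}
    root = Path(theme_dir)
    findings = defaultdict(list)
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in THEME_EXTENSIONS:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for line_no, line in enumerate(text.splitlines(), start=1):
            for url in LINK_RE.findall(line):
                host = (urlparse(url).hostname or "").lower()
                # An allowed host also covers its subdomains.
                if host and not any(host == a or host.endswith("." + a) for a in allowed):
                    findings[host].append((path.relative_to(root).as_posix(), line_no, url))
    return dict(findings)


def build_sample_theme(root):
    """Write a small constructed theme (not a real one) for the demonstration."""
    root = Path(root)
    (root / "footer.php").write_text(
        '<footer>\n'
        '  <a href="https://wordpress.org/">Powered by WordPress</a>\n'
        '  <a href="http://sponsor.example/deals">Great deals</a>\n'
        '</footer>\n', encoding="utf-8")
    (root / "header.php").write_text(
        r'<?php echo "<script src=\"//cdn.unknown.example/t.js\"></script>"; ?>' "\n"
        '<link rel="stylesheet" href="<?php echo get_stylesheet_uri(); ?>">\n',
        encoding="utf-8")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_theme(tmp)
        for host, hits in sorted(external_links(tmp, ["wordpress.org"]).items()):
            for file, line_no, url in hits:
                print(f"{host}: {file}:{line_no} {url}")
```

A link that is built at run time or stored in an encoded form will not appear in this listing, so an empty report does not prove that a theme is clean.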

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

