EP27 – WordPressing with Abandon(ware)
In this episode of WPwatercooler’s Dev Branch, we’ll be joined by Robert Rowley, a Security Expert, to discuss a critical aspect of building sites with WordPress — plugins. Specifically, we’ll delve into the topic of abandoned plugins and the risks that they can pose to website security. We will spend some time exploring what happens to WordPress plugins that are no longer maintained by their developers and how they can be leveraged by attackers. We’ll also get into how some of these plugins can be used to add backdoors that can help attackers gain unauthorized access and compromise a site’s integrity. Finally, we’ll go over the options available to site developers when they find themselves face to face with an abandoned plugin on their site. One option is to adopt the plugin and update it to ensure its continued functionality and security. Another is to fork the plugin, update it, and add new features, building of off the original code and making it your own. Join us for this important conversation about orphaned WordPress plugins learn and how to keep your website safe from potential security threats. Links Attackers use abandoned WordPress plugin to backdoor websites – bleepingcomputer Plugin Last Updated Redux Plugin Dependencies – WordPress Plugins EP184 – WordPress Plugins: Adoption or Abandonment – WPwatercooler Chapters: 00:02:46 Abandoned WordPress plugins. 00:06:57 Abandoned plugin exploitation. 00:10:46 Abandoned plugins spike monitoring. 00:12:23 Plugin monitoring for improvements. 00:16:05 Cutting off outdated plugins. 00:19:20 Plugin review team struggles. 00:23:50 Moving towards GitHub. 00:27:33 Open source psycho pumps. 00:29:41 WordPress communication issues. 00:33:19 Plugin dependencies and updates. 00:38:51 Plugin adoption and abandonment. 00:40:24 Plugin security and monitoring. 00:44:10 Old email addresses and AI. Show Notes: https://wpwatercooler.com/devbranch/ep27-wordpressing-with-abandonware/