813-319-4253 | Client Area

Statistics Show That WordPress Hackers Get In Through Third Party Extensions

The popularity of WordPress (WP) makes websites using the software, an attractive target for hackers. This is not because the framework is vulnerable, in fact, it is regarded as the most secure open source (unencrypted coding) software out of the box.

What tends to 'soften' WordPress' security abilities, are third party extensions, AKA, plugins and themes. Plugins will always hook into the WP functions to process data, and some developers may not follow the correct standards and may bypass security methods. Because third-party extensions are also open source, hackers can study its coding flow to see where it breaks the WP security. The hacker will then devise a URL query that will process as an administrator would, and allow them to enter or extract data to and from the database. In essence, a hacker could inject data to make them self an admin, then login as that admin, install an FTP plugin which gives them access to all the system files.

Graph Of Hacker Access

wordpress vulnerability stats

How To Avoid Vulnerable Plugins

  1. If you hired a webmaster or developer, ensure they are not installing pirated software. Those pirated apps tend to be injected with 'backdoor' coding that will allow someone to remotely login to your hosting control panel.
  2. If the dev installed an extension which was purchased with a single non-reusable license, you will not be able to get updates for that application. If a vulnerability is found later, it will forever be your weak link. Ask for receipts and login details for each purchased software.
  3. Not all free extensions are safe, in fact they all classify as 'use at your own risk'. Always read the one(1) star user reviews for plugins, to see what bad experience they had. Check all the installed plugins against the WordPress Exploits database.
  4. Install a monitoring extension like WordFence. It checks the integrity of all files in your WP installation and will notify of anything incorrectly coded.

List of pirated themes that include hidden backdoor files

These are commercially sold themes that are distributed by pirate sites as 'free' software, but they have been corrupted with backdoor files or coding. Hackers use the following URL queries to download the wp-config file which contains the database password and username.

This list grows overtime.

  • wp-content/themes/parallelus-mingle/framework/utilities/download/getfile.php?file=../../../../../../wp-config.php
  • wp-content/themes/urbancity/lib/scripts/download.php?file=../../../../../wp-config.php
  • wp-content/themes/trinity/lib/scripts/download.php?file=../../../../../wp-config.php
  • wp-content/themes/parallelus-salutation/framework/utilities/download/getfile.php?file=../../../../../../wp-config.php
  • wp-content/themes/lote27/download.php?download=../../../wp-config.php
Category: Website Tips |

Assisted Annual Hosting $83.40

  • CPanel Hosting ready immediately
  • WordPress or Joomla system installed and configured to suit your needs.


  • Shopping Cart, Blog, Magazine, News, Video, Internet Radio, Church, Medical, Real Estate, Business Directory, Classifieds, Auto Trading etc
  • $20 Facebook marketing credit to immediately promote the website to over 10,000 viewers

Get Hosting Now

Service Expertise

WebsiteDons.com specializes in Joomla©™, WordPress©™ and Drupal©™ Content Management Systems which have all been award winning and most popular website operating systems. WebsiteDons.com is a one stop website services center for all your website solutions including unlimited web hosting, website design and development, search engine optimization and website search engine marketing. WebsiteDons.com have produced and supported over 4300 websites very efficiently and helped many clients achieve success online.

The single web hosting plan makes it simple for any small business to make the most of an online presence without muddling through numerous technical options which just leads to confusion.

WebsiteDons.com 813-319-4253 Owned and operated by Emuzement Net Inc.

Copyright © 2019 WebsiteDons.com. All Rights Reserved.