Tips for Choosing WordPress Plugins

These tips for choosing WordPress plugins concern plugins that contain viruses, worms, Trojans, backdoors and the like, which can potentially damage your site, steal data, overload the server, or get your blog penalised by Google. WordPress is open source and gives third parties free rein to develop plugins; besides its positive effects, that freedom is also exploited by others for malicious ends.

Not all of these dangerous WordPress plugins are filtered well by WordPress, and WordPress itself states that it takes no responsibility for the plugins that are available. It is therefore up to WordPress users to be careful when choosing and installing plugins. Here are some tips for choosing safe plugins:

1. Avoid the following dangerous plugins.

The dangerous WordPress plugins below were obtained from http://www.milw0rm.com/, which publishes information on potential security holes in software and applications. Choose the “Search” menu and enter the word “wordpress”, and the following WordPress plugins and their potential risks appear:

  1. WordPress 2.8.1 (url) Remote Cross Site Scripting Exploit
  2. WordPress Plugin My Category Order <= 2.8 SQL Injection Vulnerability
  3. WordPress Privileges Unchecked in admin.php and Multiple Information
  4. WordPress Plugin Related Sites 2.1 Blind SQL Injection Vulnerability
  5. WordPress Plugin DM Albums 1.9.2 Remote File Disclosure Vulnerability
  6. WordPress Plugin DM Albums 1.9.2 Remote File Inclusion Vuln
  7. WordPress Plugin Photoracer 1.0 (id) SQL Injection
  8. WordPress Plugin Lytebox (wp-lytebox) Local File Inclusion
  9. WordPress Plugin fMoblog 2.1 (id) SQL Injection
  10. WordPress MU < 2.7 ‘HOST’ HTTP Header XSS Vulnerability
  11. WordPress plugin WP-Forum 1.7.8 Remote SQL Injection Vulnerability
  12. WordPress Plugin Page Flip Image Gallery <= 0.2.2 Remote FD Vuln
  13. WordPress Plugin e-Commerce <= 3.4 Arbitrary File Upload Exploit
  14. WordPress Media Holder (mediaHolder.php id) SQL Injection Vuln
  15. WordPress Plugin st_newsletter (stnl_iframe.php) SQL Injection Vuln
  16. WordPress 2.6.1 (SQL Column Truncation) Admin Takeover Exploit
  17. WordPress 2.6.1 SQL Column Truncation Vulnerability
  18. WordPress Plugin Download Manager 0.2 Arbitrary File Upload Exploit
  19. WordPress Plugin Spreadsheet <= 0.6 SQL Injection Vulnerability
  20. WordPress Plugin Download (dl_id) SQL Injection Vulnerability
  21. WordPress Plugin Sniplets 1.1.2 (RFI/XSS/RCE) Multiple Vulnerabilities
  22. WordPress Photo album Remote SQL Injection Vulnerability
  23. WordPress Plugin Simple Forum 1.10-1.11 SQL Injection Vulnerability
  24. WordPress Plugin Simple Forum 2.0-2.1 SQL Injection Vulnerability
  25. WordPress MU < 1.3.2 active_plugins option Code Execution Exploit
  26. WordPress Plugin st_newsletter Remote SQL Injection Vulnerability
  27. WordPress Plugin Wordspew Remote SQL Injection Vulnerability
  28. WordPress Plugin dmsguestbook 1.7.0 Multiple Remote Vulnerabilities
  29. WordPress Plugin WassUp 1.4.3 (spy.php to_date) SQL Injection Exploit
  30. WordPress Plugin Adserve 0.2 adclick.php SQL Injection Exploit
  31. WordPress plugin fGallery 2.4.1 fimrss.php SQL Injection Vulnerability
  32. WordPress Plugin WP-Cal 0.3 editevent.php SQL Injection Vulnerability
  33. WordPress plugin WP-Forum 1.7.4 Remote SQL Injection Vulnerability
  34. WordPress Plugin Wp-FileManager 1.2 Remote Upload Vulnerability
  35. WordPress <= 2.3.1 Charset Remote SQL Injection Vulnerability
  36. WordPress Plugin PictPress <= 0.91 Remote File Disclosure Vulnerability
  37. WordPress Plugin BackUpWordPress <= 0.4.2b RFI Vulnerability
  38. WordPress Multiple Versions Pwnpress Exploitation Toolkit (0.2pub)
  39. WordPress 2.2 (wp-app.php) Arbitrary File Upload Exploit
  40. WordPress 2.2 (xmlrpc.php) Remote SQL Injection Exploit
  41. WordPress 2.1.3 admin-ajax.php SQL Injection Blind Fishing Exploit
  42. WordPress plugin myflash <= 1.00 (wppath) RFI Vulnerability
  43. WordPress plugin wordTube <= 1.43 (wpPATH) RFI Vulnerability
  44. WordPress plugin wp-Table <= 1.43 (inc_dir) RFI Vulnerability
  45. WordPress Plugin myGallery <= 1.4b4 Remote File Inclusion Vulnerability
  46. WordPress 2.1.2 (xmlrpc) Remote SQL Injection Exploit
  47. WordPress <= 2.0.6 wp-trackback.php Remote SQL Injection Exploit
  48. WordPress 2.0.5 Trackback UTF-7 Remote SQL Injection Exploit
  49. Enigma 2 WordPress Bridge (boarddir) Remote File Include
  50. WordPress <= 2.0.2 (cache) Remote Shell Injection Exploit
  51. WordPress <= 1.5.1.3 Remote Code Execution eXploit (metasploit)
  52. WordPress <= 1.5.1.3 Remote Code Execution 0-Day Exploit
  53. WordPress <= 1.5.1.2 xmlrpc Interface SQL Injection Exploit
  54. WordPress <= 1.5.1.1 SQL Injection Exploit
  55. WordPress <= 1.5.1.1 “add new admin” SQL Injection Exploit
  56. WordPress Blog HTTP Splitting Vulnerability

2. Choose plugins that have been downloaded more than 10,000 times.

Choose only WordPress plugins whose statistics show they have been downloaded more than 10,000 times. Don't be a plugin's guinea pig; make sure many people have already downloaded it, which means it is reasonably safe.

3. Visit the website of the plugin's author.

Check the comments on the plugin owner's site. Avoid WordPress plugins whose author's site is full of negative comments.

4. Look at the author's reputation.

Choose WordPress plugins made by people with a good reputation or who have already produced several plugins that are not harmful. This is no guarantee, but at the very least the author's credibility can serve as one yardstick.

5. Scan the plugin with an antivirus program.

To scan a plugin, it is best to download the WordPress plugin to your own computer before installing it, so that it can be scanned right away. Most hosting servers do not have antivirus software, so we should keep relying on the antivirus on our own computer. Two fairly reliable antivirus programs are “AVG Free Edition” and “Avast Free Edition”, which detect backdoors in PHP files.
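Tip 5 relies on a desktop antivirus; a complementary check is a quick static scan of the unpacked plugin for the obfuscation patterns that PHP backdoors commonly use. The following Python script is an added example, not code from the original post; the indicator patterns and the sample plugin files it scans are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristic indicators of obfuscated PHP backdoors (constructed for this example).
# A hit means "read this line by hand", not proof that the plugin is malicious.
SUSPICIOUS = {
    "eval_of_decoded": re.compile(
        r"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "preg_replace_eval_modifier": re.compile(
        r"preg_replace\s*\(\s*['\"][^'\"]*/[a-zA-Z]*e[a-zA-Z]*['\"]"),
    "shell_from_request": re.compile(
        r"\b(system|shell_exec|passthru|exec|popen|proc_open)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)", re.I),
    "long_base64_literal": re.compile(r"['\"][A-Za-z0-9+/=]{120,}['\"]"),
}

def scan_php_source(src: str) -> dict:
    """Return {indicator_name: [line numbers]} for every pattern that matches."""
    hits = {}
    for lineno, line in enumerate(src.splitlines(), start=1):
        for name, pattern in SUSPICIOUS.items():
            if pattern.search(line):
                hits.setdefault(name, []).append(lineno)
    return hits

def scan_plugin_dir(root: Path) -> dict:
    """Scan every .php file under an unpacked plugin directory; keys are relative paths."""
    report = {}
    for path in sorted(root.rglob("*.php")):
        found = scan_php_source(path.read_text(errors="replace"))
        if found:
            report[path.relative_to(root).as_posix()] = found
    return report

# Constructed sample plugin: one clean file and one carrying an obfuscated eval().
CLEAN_PHP = "<?php\nfunction sp_widget() { echo esc_html(get_option('sp_text')); }\n"
TAINTED_PHP = (
    "<?php\n"
    "function sp_footer() { echo '<p>ok</p>'; }\n"
    "eval(base64_decode('ZWNobyAnaGVsbG8nOw=='));  // decodes to: echo 'hello';\n"
)

def demo() -> dict:
    """Write the constructed plugin into a temp dir, scan it and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "sample-plugin"
        (root / "inc").mkdir(parents=True)
        (root / "sample-plugin.php").write_text(CLEAN_PHP)
        (root / "inc" / "footer.php").write_text(TAINTED_PHP)
        return scan_plugin_dir(root)

if __name__ == "__main__":
    print(demo())
```

Point `scan_plugin_dir` at the folder you unzipped the downloaded plugin into; any reported line is worth reading before the plugin goes anywhere near a live site.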

Conclusion:

WordPress plugins are third-party creations that are not guaranteed by WordPress itself. One fairly big case was when WordPress itself was hacked; Blog Security interviewed WordPress creator Matt Mullenweg directly in “WordPress hosted systems was hacked”. The dangerous WordPress plugins above are only a small fraction of all WordPress plugins, most of which are good and helpful for blogging on WordPress. It is therefore up to us as users to remain careful and smart in choosing plugins.

Reference: http://www.bloggerpemula.info/plugin-plugin-wordpress-berbahaya-dan-tips-memilih-plugin-wordpress/
