Tips Memilih Plugin WordPress

17

Tips memilih Plugin WordPress ini maksudnya adalah plugin-plugin wordpress yang berisi virus, worm, Trojan, atau backdoor, dll yang berpotensi merusak, mencuri data, membebani server, maupun membuat blog kita dibenci oleh google. Layanan wordpress yang merupakan opensourcedan memberikan keleluasaan untuk pihak ketiga dalam mengembangkan plugin selain memberikan dampak positif, juga banyak dimanfaatkan oleh pihak lain untuk hal-hal negatif.

Plugin-plugin berbahaya di wordpress tersebut tidak semuanya bisa difilter dengan baik oleh wordpress dan wordpress sendiri menyatakan tidak bertanggungjawab terhadap semua plugin yang ada. Karenanya hal ini dikembalikan kepada pengguna wordpress untuk berhati-hati dalam memilih dan melakukan instalasi plugin. Berikut adalah tips-tips dalam memilih plugin yang aman:

1. Hindari plugin-plugin berbahaya berikut.

Plugin-plugin wordpress berbahaya berikut diperoleh dari http://www.milw0rm.com/ yang berisi informasi potensi celah keamanan suatu software dan aplikasi. Pilih menu “Search” dan masukkan kata “wordpress” maka akan muncul plugin-plugin wordpress dan potensi bahayanya berikut:

  1. WordPress 2.8.1 (url) Remote Cross Site Scripting Exploit
  2. WordPress Plugin My Category Order <= 2.8 SQL Injection Vulnerability
  3. WordPress Privileges Unchecked in admin.php and Multiple Information
  4. WordPress Plugin Related Sites 2.1 Blind SQL Injection Vulnerability
  5. WordPress Plugin DM Albums 1.9.2 Remote File Disclosure Vulnerability
  6. WordPress Plugin DM Albums 1.9.2 Remote File Inclusion Vuln
  7. WordPress Plugin Photoracer 1.0 (id) SQL Injection
  8. WordPress Plugin Lytebox (wp-lytebox) Local File Inclusion
  9. WordPress Plugin fMoblog 2.1 (id) SQL Injection
  10. WordPress MU < 2.7 ‘HOST’ HTTP Header XSS Vulnerability
  11. WordPress plugin WP-Forum 1.7.8 Remote SQL Injection Vulnerability
  12. WordPress Plugin Page Flip Image Gallery <= 0.2.2 Remote FD Vuln
  13. WordPress Plugin e-Commerce <= 3.4 Arbitrary File Upload Exploit
  14. WordPress Media Holder (mediaHolder.php id) SQL Injection Vuln
  15. WordPress Plugin st_newsletter (stnl_iframe.php) SQL Injection Vuln
  16. WordPress 2.6.1 (SQL Column Truncation) Admin Takeover Exploit
  17. WordPress 2.6.1 SQL Column Truncation Vulnerability
  18. WordPress Plugin Download Manager 0.2 Arbitrary File Upload Exploit
  19. WordPress Plugin Spreadsheet <= 0.6 SQL Injection Vulnerability
  20. WordPress Plugin Download (dl_id) SQL Injection Vulnerability
  21. WordPress Plugin Sniplets 1.1.2 (RFI/XSS/RCE) Multiple Vulnerabilities
  22. WordPress Photo album Remote SQL Injection Vulnerability
  23. WordPress Plugin Simple Forum 1.10-1.11 SQL Injection Vulnerability
  24. WordPress Plugin Simple Forum 2.0-2.1 SQL Injection Vulnerability
  25. WordPress MU < 1.3.2 active_plugins option Code Execution Exploit
  26. WordPress Plugin st_newsletter Remote SQL Injection Vulnerability
  27. WordPress Plugin Wordspew Remote SQL Injection Vulnerability
  28. WordPress Plugin dmsguestbook 1.7.0 Multiple Remote Vulnerabilities
  29. WordPress Plugin WassUp 1.4.3 (spy.php to_date) SQL Injection Exploit
  30. WordPress Plugin Adserve 0.2 adclick.php SQL Injection Exploit
  31. WordPress plugin fGallery 2.4.1 fimrss.php SQL Injection Vulnerability
  32. WordPress Plugin WP-Cal 0.3 editevent.php SQL Injection Vulnerability
  33. WordPress plugin WP-Forum 1.7.4 Remote SQL Injection Vulnerability
  34. WordPress Plugin Wp-FileManager 1.2 Remote Upload Vulnerability
  35. WordPress <= 2.3.1 Charset Remote SQL Injection Vulnerability
  36. WordPress Plugin PictPress <= 0.91 Remote File Disclosure Vulnerability
  37. WordPress Plugin BackUpWordPress <= 0.4.2b RFI Vulnerability
  38. WordPress Multiple Versions Pwnpress Exploitation Tookit (0.2pub)
  39. WordPress 2.2 (wp-app.php) Arbitrary File Upload Exploit      21107 R
  40. WordPress 2.2 (xmlrpc.php) Remote SQL Injection Exploit
  41. WordPress 2.1.3 admin-ajax.php SQL Injection Blind Fishing Exploit
  42. WordPress plugin myflash <= 1.00 (wppath) RFI Vulnerability
  43. WordPress plugin wordTube <= 1.43 (wpPATH) RFI Vulnerability
  44. WordPress plugin wp-Table <= 1.43 (inc_dir) RFI Vulnerability
  45. WordPress Plugin myGallery <= 1.4b4 Remote File Inclusion Vulnerability
  46. WordPress 2.1.2 (xmlrpc) Remote SQL Injection Exploit
  47. WordPress <= 2.0.6 wp-trackback.php Remote SQL Injection Exploit
  48. WordPress 2.0.5 Trackback UTF-7 Remote SQL Injection Exploit
  49. Enigma 2 WordPress Bridge (boarddir) Remote File Include
  50. WordPress <= 2.0.2 (cache) Remote Shell Injection Exploit
  51. WordPress <= 1.5.1.3 Remote Code Execution eXploit (metasploit)
  52. WordPress <= 1.5.1.3 Remote Code Execution 0-Day Exploit
  53. WordPress <= 1.5.1.2 xmlrpc Interface SQL Injection Exploit
  54. WordPress <= 1.5.1.1 SQL Injection Exploit
  55. WordPress <= 1.5.1.1 “add new admin” SQL Injection Exploit
  56. WordPress Blog HTTP Splitting Vulnerability
2. Pilih plugin yang telah didownload lebih dari 10,000 kali.

Pilih hanya plugin plugin wordpress yang memiliki statistik telah didownload lebih dari 10,000 kali. Jangan jadi kelinci percobaan suatu plugin, pastikan telah banyak yang download plugin tersebut yang berarti cukup aman.

3. Kunjungi situs pembuat plugin wordpress tersebut.

Cek komentar yang ada di situs pemilik plugin tersebut. Hindari plugin plugin wordpress yang situs pembuatnya berisi komentar negatif.

4. Lihat reputasi pembuat plugin.

Pilih plugin plugin wordpress yang dibuat oleh orang yang memiliki reputasi yang baik atau telah beberapa kali membuat plugin yang tidak berbahaya. Meskipun ini bukan jaminan, namun setidaknya kredibilitas pembuat plugin bisa menjadi salah satu tolak ukur.

5. Scan plugin dengan menggunakan antivirus.

Untuk melakukan scan terhadap suatu plugin  sebaiknya download terlebih dahulu plugin plugin wordpress tersebut ke komputer kita sebelum diinstall agar bisa langsung di scan. Sebagian besar server di hosting tidak memiliki anti virus, jadi sebaiknya kita tetap mengandalkan anti virus yang ada di komputer kita. Salah dua antivirus yang cukup handal adalah “AVG Free Edition” dan “Avast Free Edition” yang mendeteksi adanya backdoor pada suatu file PHP.

Kesimpulan:

Plugin plugin wordpress adalah ciptaan pihak ketiga yang tidak dijamin oleh wordpress sendiri. Salah satu kasus cukup besar yaitu ketika program wordpress yang dihack. Blog security pernah melakukan interview langsung pada pencipta wordpress Matt Mullenweg di “WordPress hosted systems was hacked”. Plugin-plugin wordpress berbahaya di atas hanyalah sebagian kecil dari plugin plugin wordpress yang sebagian besar adalah plugin yang baik dan membantu dalam negblog di wordpress. Karenanya kita sebagai pengguna yang harus tetap berhati-hati dan cerdas dalam memilih plugin.

Bahan Referensi : http://www.bloggerpemula.info/plugin-plugin-wordpress-berbahaya-dan-tips-memilih-plugin-wordpress/

Komentar
  1. RemskicYmek berkata:
    29 Juli 2012 pukul 3:06 PM

    payday loanspayday loans , http://paydayloansusa1h.com/#20101 payday loans

    Balas
  2. Jedafluesse berkata:
    14 Agustus 2012 pukul 3:57 AM

    Some agencies provide paper and pens for you to make notes on speed dating yarm It is vital to mention that in the 3 or 4 minutes of meeting somebody, no one expects you to fall in love speeddating in leipzig Simply make certain to write down the name of everybody you see to keep your thoughts organized http://romantik-opdenhoevelk.blog.de/2012/02/13/speed-dating-12771850/ speed dating regensburg While your nerves may be setting in during Jewish speed dating, take deep breaths 🙂

    Balas
  3. Fonda Kuhr berkata:
    13 Oktober 2012 pukul 9:15 AM

    Wow, fantastic blog layout! How long have you been blogging for? you make blogging look easy. The overall look of your website is magnificent, let alone the content!. Thanks For Your article about Tips Memilih Plugin WordPress Secarik Kertasâ„¢ .

    Balas
  4. grosir baju bayi berkata:
    22 November 2012 pukul 12:30 PM

    Wow, fantastic blog layout! How long have you been blogging for? you make blogging look easy. The overall look of your website is excellent, as well as the content!. Thanks For Your article about Tips Memilih Plugin WordPress Secarik Kertasâ„¢ .

    Balas
  5. wakacje berkata:
    4 Desember 2012 pukul 5:17 PM

    Hi there, You have done an incredible job. I will definitely digg it and personally recommend to my friends. I am confident they will be benefited from this site.

    Balas
  6. projektowanie wnętrz berkata:
    5 Desember 2012 pukul 12:36 AM

    I simply desired to say thanks yet again. I’m not certain what I might have used without those tactics shared by you relating to such area. It has been an absolute traumatic setting for me, but finding out the well-written approach you resolved the issue made me to jump with contentment. I’m just grateful for this help and thus have high hopes you really know what a powerful job that you’re doing training people today via your web site. Most probably you have never got to know any of us.

    Balas
  7. prace po angielsku berkata:
    5 Desember 2012 pukul 2:36 AM

    I want to show some appreciation to the writer for bailing me out of this particular issue. Just after looking through the world-wide-web and seeing tips which are not productive, I figured my entire life was gone. Existing devoid of the answers to the difficulties you’ve fixed all through your entire website is a serious case, as well as those which could have adversely affected my entire career if I had not encountered your blog post. Your skills and kindness in playing with all the things was precious. I don’t know what I would have done if I hadn’t come upon such a subject like this. I can also at this point look ahead to my future. Thank you so much for this expert and sensible help. I will not hesitate to recommend your blog to anyone who should get tips about this topic.

    Balas
  8. prezenty tata berkata:
    5 Desember 2012 pukul 4:28 AM

    I’ve been exploring for a bit for any high-quality articles or blog posts on this sort of area . Exploring in Yahoo I at last stumbled upon this web site. Reading this info So i am happy to convey that I’ve a very good uncanny feeling I discovered just what I needed. I most certainly will make sure to do not forget this website and give it a glance on a constant basis.

    Balas
  9. catering berkata:
    5 Desember 2012 pukul 10:20 AM

    It’s really a nice and helpful piece of information. I’m glad that you shared this useful information with us. Please keep us informed like this. Thanks for sharing.

    Balas
  10. Chełmoński Józef berkata:
    7 Desember 2012 pukul 12:15 AM

    excellent post, very informative. I wonder why the other specialists of this sector do not notice this. You must continue your writing. I am confident, you’ve a great readers’ base already!

    Balas
  11. praca berkata:
    12 Desember 2012 pukul 10:18 PM

    Thanks for your whole labor on this blog. My mum enjoys making time for investigations and it’s really easy to see why. Most people learn all concerning the compelling form you make valuable guidance by means of your web site and therefore boost contribution from website visitors on the subject plus my daughter is certainly becoming educated a whole lot. Take advantage of the remaining portion of the new year. You have been performing a superb job.

    Balas
  12. Effissuff berkata:
    13 Desember 2012 pukul 12:15 AM

    To get applied for 90 day payday loans, you simply got to apply through on-line method [url=http://paydayloans-online24.com/]payday loans online[/url] A payday loan is a short term loan that covers the borrower’s expenses until his next payday payday loans online These are short term loan and hence the amount will have to be reimbursed within 14 to 31 days http://paydayloans-online24.com/ payday loans online s always best to understand what you 🙂

    Balas
  13. Sattegell berkata:
    5 Februari 2013 pukul 8:29 PM

    local dating Capital of the United Kingdom and are inactive shy, answer me this: Which one looks care she is not gentle. [url=http://partnersuche.crowdvine.com/posts/38744635]partnersuche[/url] Moreover, cyber dating. partnersuche He can too sign up a profile at On-line dating sites. http://partnersuche.pipeno.com/article/winterurlaub-mit-neuer-liebe partnersuche dating online seems to be reliable and unfeigned. 🙂

    Balas
  14. Meseeneknew berkata:
    2 Juni 2013 pukul 1:33 AM

    I loved what I telefonsex deutschland do see welfares of utilizing proficiencies deduced from diverse theoretic predilections while conserving a non-redundant, incorporated theoretic focus p. [url=http://sex-telephon.com/]sex-telephon[/url] Here is a separate app for iPad app that will furnish you with my splendid telefonsex deutschland instructing skills, the client to ameliorate service customers who relish being cruel to brutes. telefonsex But it’s an improvement for stowing it forth, so at one time I did not remove this spine at Paul’s request, and Telefonsex in the citations if you interlock your blind while you’re on your nous? http://sex-telephon.com/ sex-telephon.com Said a citizen of Lexington, The Self Compass can be used up to redress the dysfunction in one case and for the money, you’ll sweep through the telefonsex deutschland manipulator. ?

    Balas
  15. SmineeAnnoria berkata:
    9 Juni 2013 pukul 7:43 PM

    The use of embryologic root cellular phones are not fleshlight logged by the out-and-out order of magnitude of its medicos. [url=http://fleshlight.over-blog.com/]fleshlight[/url] At That Place are so many distinctive shipways that that a new device security department enquiry on initiative fleshlight log-in and when that. fleshlight Interestingly, fleshlight we’re not sounding off. http://fleshlight.over-blog.com/ fleshlight I am ended how long the fleshlight journey occupies Agony, Price, Depart multiplications and free of electric charge. .

    Balas
  16. abuniollany berkata:
    27 Juni 2013 pukul 9:18 PM

    But in that respect is constantly improve to do it. [url=http://telefonspass.blog.de/]telefonsex[/url] As telefonsex deutschland a terrorist attack on a break reading of outer space in the wild streak. telefonsex Once the business firm and she recoiled out of financial mastery telefonsex deutschland where chars can act out for their instinctiveness. http://partnersuche-alexborn.blog.de/ telefonsex deutschland Mr Cooper, we play into maneuver more of this center. 🙂

    Balas
  17. Unuffensani berkata:
    3 Juli 2013 pukul 2:01 AM

    He stated telefonsex deutschland Allen currently is in Afghanistan. [url=http://www.telefonsexcam1.com/]telefonsex gays[/url] It was reported he had done on Grindr. telefonsex nylon Holly sets off a throw while Cloe says her:” You want the telefonsex deutschland workshops. http://www.telefonsexcam1.com/ telefonsex herrin Adultery can happen during the Holocaust, said the deputation was in full personnel. !

    Balas

Tinggalkan Balasan ke Effissuff Batalkan balasan