Popular WordPress plugin WP Statistics allowed hackers to steal database & hijack sites

Imagine your site gets hacked, and the hacker steals all your data despite every precaution you take. The passwords were strong, and nevertheless, they accessed your website. This is possible if the hackers find a route through a plugin into the database. It was found that the popular WordPress plugin WP Statistics had vulnerabilities that could allow hackers to gain access to sites with admin privileges.

Security firm Sucuri announced that the popular WordPress plugin WP Statistics has a SQL injection vulnerability. The plugin has become quite popular and is installed on more than 300,000 websites as of now. The plugin was vulnerable in the section for user-supplied data. In effect, anyone with a simple subscriber account on the website could leak data from the site.

WordPress plugin WP Statistics vulnerable

WordPress provides an API that lets developers write functionality that users can insert using a shortcode. The WP Statistics plugin lets users check the website’s statistics and call up the necessary statistics using a shortcode. However, the vulnerability was such that it did not check for admin privileges before returning the data. Almost anyone with a mere subscriber account could get access to it.
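The pattern described above, as an added example that is not WP Statistics' own code: a shortcode handler that concatenates a user-supplied attribute into SQL without a privilege check, next to a hardened version. The shortcode name `example_visits`, its `page` attribute and the table `example_visits` are hypothetical.

```php
<?php
// Hypothetical shortcode [example_visits page="..."]; names are assumptions,
// not taken from the WP Statistics plugin.

// Before: no capability check, and the attribute value is concatenated
// straight into the SQL string, so user-supplied data reaches the query.
function example_visits_unsafe( $atts ) {
    global $wpdb;
    $atts = shortcode_atts( array( 'page' => '' ), $atts, 'example_visits' );
    $sql  = "SELECT COUNT(*) FROM {$wpdb->prefix}example_visits"
          . " WHERE page = '" . $atts['page'] . "'";
    return (string) $wpdb->get_var( $sql );
}

// After: the data is only returned to an administrator, and the attribute
// is bound as a parameter instead of being pasted into the query text.
function example_visits_safe( $atts ) {
    global $wpdb;

    // Render nothing unless the current user has an admin-level capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        return '';
    }

    $atts = shortcode_atts( array( 'page' => '' ), $atts, 'example_visits' );
    $page = sanitize_text_field( $atts['page'] );

    // $wpdb->prepare() quotes and escapes the %s placeholder value.
    $count = $wpdb->get_var(
        $wpdb->prepare(
            "SELECT COUNT(*) FROM {$wpdb->prefix}example_visits WHERE page = %s",
            $page
        )
    );

    // Cast to int and escape on output so the result is always a plain number.
    return esc_html( (string) (int) $count );
}

// Register only the hardened handler.
add_shortcode( 'example_visits', 'example_visits_safe' );
```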

A common example of an attack in one of these situations would be when an attacker creates a subscriber account on the site and leaves a comment on any page. The comment could contain JavaScript to perform the intended action. As soon as the administrator accesses the comments section to check for approvals, the JavaScript runs with administrator privileges, says Sucuri.


Jouko Pynnonen, a security expert from Finland, said, “If the attacker writes new PHP code to the server through the plugin editor, another AJAX request can be used to execute it right away, whereby the attacker gains operating system level access on the server.” As scary as it sounds, all this stems from flaws in a single WordPress plugin. The bug has been fixed, and updating the plugin as soon as possible is strongly recommended. A full WordPress update is also recommended.

WordPress SEO Hacks to Boost Your Business Website Traffic

We all want websites that are search engine friendly. But sometimes, when you are busy, it’s easy to publish a new blog post and be off to the next thing on your to-do list. Over time, this can really hurt your SEO efforts. That’s why I’ve compiled this short hit list of things you can do to strengthen your WordPress SEO. Schedule these tasks on your calendar to make your blog traffic jump!

1) Post New Stuff Regularly

Google has a bias toward fresh content. Part of Google’s algorithm looks at how new the content is and gives preference to more recent results. So publishing original content on a regular basis is crucial. Also, length matters when it comes to content. Generally, longer content ranks higher than shorter content. So try to make your posts at least 500 words.

2) Create a Keywords List

If SEO matters to you, you will want to develop your keyword list. This is a list of keywords and phrases describing your products and services. These keywords should include words from the search phrases that users are most likely to use to find your services online. Google has a few great tools to make keyword research easy, including Google Search, Google Suggest, Google Instant, and Google Wonder Wheel.

Hint: Hire an SEO professional if you want a really targeted keyword list!

3) Install an SEO Plugin

A couple of popular SEO plugins to consider are the All in One SEO Pack and WordPress SEO by Yoast. These will help you set keyword-rich custom titles and meta descriptions for your posts for SERPs. Again, this is something your web designer or an SEO expert can easily install for you.

4) Hand Submit to Search Engines

What good is a site if nobody can find it? That’s why getting listed in Google and other popular search engines and directories is one of the only ways of getting free targeted traffic to your website. You have probably seen lots of automated submission services where you pay a small fee for them to submit your website to loads of search engines. These services not only won’t help – they could harm you.

Almost all of those free directories never send an actual visitor to your website, and getting links from them can hurt your ability to rank in real search engines like Google and Bing. The best practice is to manually submit your website to search engines. WordPress makes this easy after you set up an account in Google, Bing, and Yandex Webmaster Tools. Ask your webmaster or SEO specialist to set up these accounts if you are unsure.

5) Add Tags to your Posts

WordPress, straight out of the box, comes ready to embrace search engines. The tags feature is one of these SEO-friendly features you should take advantage of. Be sure to add relevant keyword-rich titles to every post you publish.

6) Leave Comments on Other Blogs

Start linking more to other people’s blog posts and encourage them to link back to you. One search engine factor that Google considers is backlinking. A website with more backlinks is viewed as more authoritative and receives higher rankings.

7) Block Spam Comments

When people leave comments on your blog, it counts as content to Google. So if you have a website about DIY crafts, and someone leaves five comments about “cheap enhancement drugs”, that ruins your keyword relevancy and hurts your rankings. So blocking spam comments from posting to your blog will improve your SEO and make your real blog readers happy.


Jeremy D. Mena