WordPress site security and CyberSEO Pro

WordPress site security and CyberSEO Pro

Let me start with some seemingly obvious advice that everyone should know about. Never activate so-called “nulled” plugins and themes that you downloaded from warez sites.

There are no Robin Hood’s in the real life that willing to buy premium themes and plugins just to share them with poor people. The vast majority of these hacked themes and plugins contain backdoors which allow hackers to take full control over your server in order to send spam, manage DDoS attacks, use it as a proxy for illegal activities or simply mine crypto on your hardware.

Keep in mind, that every plugin or them which is active at your website is able simply change an admin password to your WordPress dashboard against your will and you won’t know it, till you find out that your own password doesn’t work anymore…

Remember that everyone can easily modify any plugin or theme to change your password without hacking your site. This could be done by adding one single line of code into any plugin or theme code to call a standard and documented WordPress function, which is called wp_set_password() (click the link and read about it).

Do you see how easy to get a full control over your site? WordPress does not protect you against this type of attacks. So when you activate a plugin or a theme from an untrustworthy source, you literally open a door to your WordPress dashboard as well as your whole server, so anybody is able to use it. A hacker doesn’t need need to attack your website in order to get a full control over your server. The only the bad guy needs is you to activate a modified plugin or theme at your site. Only one single activation will totally compromise your server.

As for the CyberSEO Pro plug-in, it itself does not contain any malicious code and is protected against all sorts of attacks like CSRF etc.

However, the plugin has no protection against malicious JS code, which may be contained in posts you import from third-party resources, such as RSS feeds. So if you’re unsure of the content security on a site you’re pulling RSS feeds from, it’s better not to import anything from there.

Online security is no different from that we used to have in our everyday life. You wouldn’t take food from someone you don’t know or have an intimate relationship with a stranger. All because you are afraid of being poisoned or infected by something. The same rule applies to all your online activities. You shouldn’t try to feed your website with content from an unknown source. Otherwise, all responsibility for the negative consequences will fall on you, as the one responsible for the choice.

Don’t blame the plugin for honestly importing an infected article from a suspect RSS feed or some other content source into your WordPress posts. CyberSEO Pro is just a robot and it will bring you just everything you ask.

In addition to the above, I recommend that you install the free Wordfence plugin, which provides a quality site security and regularly scans your files for malicious code.

Do not neglect these simple and effective security things. It will help to secure you and your business against many problems.

The hidden dangers of using nulled WordPress plugins and themes