One of the things we feel is important in discussing security threats to websites is to be realistic about the potential dangers of those threats. Far to often security companies will try to hype up minor issues, leading to unnecessary concerns about some things and to little concern about other things. One thing we see them doing is making a big deal about the amount of hacking attempts going on, while not mentioing that the success rate of those hacking attempts is incredibly small and many are done by people who clearly don’t know what they are doing. That second issues involves things like hackers try to exploit vulnerabilities that don’t actual exist or, as discussed in this post, doing things that make sure they won’t be successful in their hacking attempts.

In the past on this blog we have said that if it were not for us a lot of known vulnerable WordPress plugins would remain in the Plugin Directory. A quick reminder of that came last week when looking through a series of hacking attempts we saw one for a plugin that we did not have any vulnerabilities listed for yet: [Read more]