Insider threat on WordPress
The Internet is wide open to everyone, and dangers are everywhere. WordPress is an active target from the outside, but I would like to point out the insider threat. Some threats are smaller and some are bigger.
Plugin development has been amazing, and the fight for information is often fought right inside your website. Those who request permission want data they have not had so far, and they use tactics to convince users that there is no danger in accepting the collection of information.
Allowing the connection makes it possible to access any information, which is then turned into statistics of any kind to be used and even sold.
The risk comes not just from the big developers, but from everyone. Email collection has been a business for many years, and if you wonder why you receive spam even though you did not use your address, subscribing to a news feed or blog is sufficient.
The fault lies not with the owner of the website, but with the plugins used, which have direct access to the entire database.
Trust has become too rare, and we often have to double our efforts to make sure there are no dangers.
I don’t want to give examples of any kind, just to draw attention to these dangers so that you take all safety precautions before testing or using these plugins.
Of course, not everyone abuses your trust, but the proportion is large enough that you should check more than you thought necessary.
The trend is growing; the evidence is the increasingly drastic measures taken by WordPress.
Until recently, the vulnerability of some plugins was the main danger, but as information became a commodity, it is now the main target of any data collection, even if the data are insignificant at the individual level.
The biggest ones that triggered this hunt are, of course, Google and Facebook. Negative examples are easy to copy, with the excuse that if they do it, anyone can, of course at a low level, on the order of millions.
Following the model of apps, especially those on smartphones, developers ask for permissions, and they often amaze me, because they ask for almost all of them and, above all, I can’t see a connection between the utility of the application and the permissions that are required.
In the case of plugins, no one informs you about the level of intrusion or what they need, but maybe in the future more attention will be paid, as in the case of cookies.
Until there are new regulations, the simplest solution is to be aware of the danger you face, not only when you use a site or an application, but also when you own a website and use many different plugins.
WordPress remains the most popular platform and my favorite in terms of dynamic websites. I have been using it for 9 years and I have seen the development, the threats and even the reasons why it is more widely used than the others.
The best protection remains a manual backup. How you organize yourself and what you use is your choice.
And if you like to test and are curious about what’s new, choose a domain with no personal or commercial value and especially without sensitive data.
If you are just starting and want to use WordPress, this should not scare you. Security is better than ever and is constantly being improved.
Of course, risks will always exist, and that is true of any platform, program or application. You have to learn and stay informed about how best to protect yourself.
Trust is built over time and quickly lost. It is a universal rule.
If your website is too important, use a static version. If you need a blog or some dynamic pages, you can mix the two.
Every problem has to be solved, and today more than ever, diversification allows each of us to choose the solution that best fits our needs.