WordPress Plugins at Risk of Being Hacked

This morning I got a report from a hacker forum about several WordPress plugins with flaws that leave them potentially open to SQL Injection. SQL Injection is a way of slipping certain code into a program's query so that the program ends up doing something other than what it was meant to do. If its original function was only to read a file, then with SQL Injection we could change the admin password, hehehe… Want to know how to do SQL Injection? Go learn it yourself somewhere else. This is not the place to learn hacking, let alone cracking.

OK, here is the list of plugins potentially exposed to that attack. If an upgrade is available, upgrade right away. If there is none, just look for a similar replacement:

  1. WordPress Ajax Gallery 3.0 (already removed from the WordPress.org database)
  2. WordPress Global Content Blocks 1.2 (already removed from the WordPress.org database)
  3. WordPress WordPress Allow PHP in Posts and Pages plugin 2.0.0.RC1
  4. WordPress Menu Creator 1.1.7
  5. WordPress WP DS FAQ plugin (already removed from the WordPress.org database)
  6. WordPress WP Forum (already removed)
  7. WordPress File Groups (already removed)
  8. WordPress Contus HD FLV Player (already removed)
  9. WordPress Easy Contact Form Lite (already removed)
  10. WordPress IP-Logger Plugin (already removed)
  11. WordPress MM Duplicate Plugin (already removed)

These plugins have been removed from the plugin database by the WordPress.org maintainers, and they should be removed from your own blog's plugin database as well. The two plugins that still have a link have not been removed yet, so be careful not to use them.
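One way to check a site for the plugins listed above, as an added example that is not part of the original post: the script reads the `Plugin Name` and `Version` header of each plugin file under a plugins directory and reports those whose name matches the list. It assumes the installed plugin's header name equals the article's name after normalization; the directory names and files in `demo()` are constructed samples.

```python
import re
import tempfile
from pathlib import Path

# Names and versions exactly as listed in the article (None = no version given).
LISTED = {
    "Ajax Gallery": "3.0", "Global Content Blocks": "1.2",
    "Allow PHP in Posts and Pages": "2.0.0.RC1", "Menu Creator": "1.1.7",
    "WP DS FAQ": None, "WP Forum": None, "File Groups": None,
    "Contus HD FLV Player": None, "Easy Contact Form Lite": None,
    "IP-Logger": None, "MM Duplicate": None,
}
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):(.*)$", re.I | re.M)

def norm(name):
    """Lower-case, drop punctuation and the filler words 'wordpress'/'plugin'."""
    words = re.sub(r"[^a-z0-9]+", " ", name.lower()).split()
    return " ".join(w for w in words if w not in ("wordpress", "plugin"))

def read_header(php_file):
    """Return (name, version) from a plugin file's header comment, or None."""
    head = php_file.read_text(errors="replace")[:8192]  # header sits at the top
    fields = {k.lower(): v.strip() for k, v in HEADER.findall(head)}
    if "plugin name" not in fields:
        return None
    return fields["plugin name"], fields.get("version", "")

def audit(plugins_dir):
    """Return (folder, name, installed_version, listed_version) per listed plugin."""
    wanted = {norm(n): v for n, v in LISTED.items()}
    hits = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        hdr = read_header(php)
        if hdr and norm(hdr[0]) in wanted:
            hits.append((php.parent.name, hdr[0], hdr[1], wanted[norm(hdr[0])]))
    return hits

def demo():
    """Constructed sample tree: one listed plugin and one unrelated plugin."""
    with tempfile.TemporaryDirectory() as d:
        for slug, name, ver in [("mc", "Menu Creator", "1.1.7"), ("hello", "Hello Sample", "1.0")]:
            (Path(d) / slug).mkdir()
            (Path(d) / slug / "main.php").write_text(
                f"<?php\n/*\nPlugin Name: {name}\nVersion: {ver}\n*/\n")
        return audit(d)

if __name__ == "__main__":
    print(demo())
```

On a real site, call `audit()` with the path to `wp-content/plugins`; a hit means the plugin should be upgraded, replaced or removed as the post advises.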

If you cannot find any option other than the plugins above, then you should install WordPress Firewall 2 to minimize attacks. Hopefully this information is useful. Always remember the principle: no code is ever truly safe. So don't act arrogant by claiming your site has maximum security 🙂 There will always be a hole as long as it is man-made.


47 thoughts on “WordPress Plugins at Risk of Being Hacked”

      1. adhani

        That's right, Mas Lutvi. Yesterday when I wanted to install this plugin I went around looking for it on wordpress.org and it turned out it wasn't there,
        it can only be obtained from the developer's website

  1. cbpartner

    Wow… I'm using “WordPress Easy Contact Form Lite”
    now I have to look for a replacement..
    By the way, Mas Lutvi, what if one of these plugins has already been installed??? And if I delete it, can I still be hit by SQL Injection from this plugin!

  2. Taufan Prakoso

    [ASK] When I go to write a new post, I cannot switch from Visual Mode to HTML Mode, because HTML mode cannot be clicked.
    I have tried everything, including disabling all plugins, switching the theme to the default, updating WP with a fresh copy and contacting the hosting provider. But none of that solved my problem.
    Sorry if the question is off topic, I don't know what else to do. Here is the screenshot: http://twitpic.com/69yn51
    I need your help guys !!

  3. sicucu

    Wow, thanks for sharing, sir, now I know. But there is one more plugin that isn't on wordpress.org, sir, namely mobilepress. Why is that, sir??

  4. ayesha

    Please explain, Mas, I'm really confused. None of the category menus on my webstore open when clicked (it stays on the home page). It started last night.

    1. masgon

      Wow, I have the same problem….
      When I click a category, a “page not found” message appears instead

      confused

  5. Chayangku.Com

    Mas, please give us a step-by-step guide to protecting a WordPress blog from hack attacks, so that we feel safer, even though it can't guarantee 100% safety. Sure, we could pay a service to secure our WordPress blog, but what matters more is that we understand it ourselves first. Thanks, Mas

  6. ianx

    [ask]
    Hello masters, have you ever experienced this

    1. your posts are gone even though the database is still there
    2. the user list is empty even though the users are still in the database, and you can still log in, but the user you are using isn't in the user list
    3. checked wp-config, it's still complete, unchanged
    4. the database is still complete

    I don't know why, I don't feel like I changed anything, but that's how it is;
    has anyone experienced this? or any guess as to why?
    masters, please help 🙁
