
WordPress Plugins That Could Get Hacked

This morning I got a report from a hacker forum about several WordPress plugins with flaws that make them vulnerable to SQL injection. SQL injection is a way of slipping crafted input into a program's database query so that the program ends up doing something other than what it was written to do. If the original function only read a file, with SQL injection one could change the admin password, hehe... Want to know how to do SQL injection? Learn it yourself somewhere else, gan. This is not a place to learn hacking, let alone cracking.

OK, here is the list of plugins that are open to that attack. If an upgrade is available, upgrade right away. If there isn't one, just look for a similar replacement:

  1. WordPress Ajax Gallery 3.0 (already removed from the WordPress.org database)
  2. WordPress Global Content Blocks 1.2 (already removed from the WordPress.org database)
  3. WordPress Allow PHP in Posts and Pages plugin 2.0.0.RC1
  4. WordPress Menu Creator 1.1.7
  5. WordPress WP DS FAQ plugin (already removed from the WordPress.org database)
  6. WordPress WP Forum (already removed)
  7. WordPress File Groups (already removed)
  8. WordPress Contus HD FLV Player (already removed)
  9. WordPress Easy Contact Form Lite (already removed)
  10. WordPress IP-Logger Plugin (already removed)
  11. WordPress MM Duplicate Plugin (already removed)

These plugins have been removed by the WordPress.org maintainers from the plugin database, and they should be removed from your blog's plugin directory too. The two plugins that still have a link have not yet been removed, so be careful and don't use them.

If you have no option other than the plugins above, you should install WordPress Firewall 2 to minimise the attacks. Hopefully this information is useful. Always remember the principle: no code is truly secure. So don't be arrogant and claim your site has maximum security 🙂 There is always a hole as long as it is made by humans.
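To make the flaw concrete, here is an added illustration of the pattern the post describes, written the way a WordPress plugin would: the same lookup built by string concatenation and then with `$wpdb->prepare()`. This is not code from the post or from any plugin listed above; the table and column names are assumed.

```php
<?php
// Added illustration, not taken from the post or from any listed plugin.
// Table name 'faq_entries' and its columns are assumed for the example.

// Vulnerable pattern: the request value is pasted straight into the SQL
// text, so whatever the client sends is parsed as part of the query.
function faq_entries_unsafe( $category ) {
    global $wpdb;
    $table = $wpdb->prefix . 'faq_entries'; // assumed table name
    $sql   = "SELECT id, question FROM {$table} WHERE category = '" . $category . "'";
    return $wpdb->get_results( $sql );
}

// Hardened pattern: $wpdb->prepare() quotes and escapes each placeholder
// (%s for strings, %d for integers), so the value is only ever compared
// as data and can never change the shape of the statement.
function faq_entries_safe( $category, $min_id = 0 ) {
    global $wpdb;
    $table = $wpdb->prefix . 'faq_entries'; // assumed table name
    $sql   = $wpdb->prepare(
        "SELECT id, question FROM {$table} WHERE category = %s AND id >= %d",
        $category,
        $min_id
    );
    return $wpdb->get_results( $sql );
}

// Typical call site: normalise the raw request values first, then query.
$category = isset( $_GET['cat'] ) ? sanitize_text_field( wp_unslash( $_GET['cat'] ) ) : '';
$min_id   = isset( $_GET['from'] ) ? absint( $_GET['from'] ) : 0;
$rows     = faq_entries_safe( $category, $min_id );
```

Reviewing a plugin for the first pattern (a request value concatenated into a query string) is the quickest check before deciding whether to keep it installed.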

By Lutvi

Not an Ustadz, not a Dai, let alone a Kyai. Not a teacher either. Just a santri poor in knowledge who is trying to practise one verse inherited from the ulama. Currently entrusted with being the web admin of WordPress Indonesia

47 replies on "WordPress Plugins That Could Get Hacked"

You're right, Mas Lutvi. Yesterday, when I wanted to install this plugin, I went around looking for it on wordpress.org and it turned out it wasn't there;
it can only be obtained from the developer's website.

Whoa... I use "WordPress Easy Contact Form Lite".
Now I have to look for a replacement..
By the way, Mas Lutvi, what if one of these plugins has already been installed??? And if I delete it, can I still get hit by SQL injection from this plugin!

[ASK] When I'm about to write a new post, I can't switch from Visual Mode to HTML Mode, because the HTML mode tab can't be clicked.
I've tried everything, including disabling all plugins, changing the theme to the default, updating WP with a fresh copy, and contacting the hosting provider. But none of it solved my problem.
Sorry if the question is off topic, I don't know what else to do. Here is the screenshot: http://twitpic.com/69yn51
I need your help guys !!

Wow, thanks for sharing, Pak, now I know. But there is one more plugin that isn't on wordpress.org, namely mobilepress. Why is that, Pak??

Please explain, Mas, I'm really confused. All the category menus in my webstore can't be opened when clicked (it stays on the home page). It started last night.

Wow, same problem here....
When I click a category it shows a "page not found" message instead.

Confused.

Mas, please give us a step-by-step guide to protecting a WordPress blog from hack attacks, so we feel safer even if 100% security can't be guaranteed. Sure, we could pay someone to secure our WordPress blog, but more importantly we should know the knowledge ourselves first. Thanks, Mas.

[ask]
Hello masters, have you ever experienced this:

1. your posts are gone even though they are still in the database
2. the user list is empty even though it is still in the database, and you can still log in, but the user you use isn't in the user list
3. wp-config checked, still complete and unchanged
4. the database is still complete

I don't know why; it feels like nothing was changed, yet it's like that;
has anyone experienced this? Or any guess why?
Masters, please help 🙏

I simply want to tell you that I am just all new to blogs and certainly loved your blog. Probably I’m going to bookmark your blog . You certainly have terrific articles and reviews. Thanks a bunch for sharing your website.

I just want to say I am newbie to blogs and really loved your web site. Likely I’m likely to bookmark your blog . You absolutely come with superb articles and reviews. Thanks a lot for sharing with us your web-site.

Fantastic goods from you, man. I have understood your stuff previously and you're just extremely wonderful. I actually like what you've acquired here, certainly like what you're stating and the way in which you say it. You make it entertaining and you still manage to keep it wise. I can't wait to read far more from you. This is actually a wonderful website.

I certainly like your web-site, but you need to check the spelling on quite a few of your posts. Several of them are rife with spelling problems and I find it very bothersome to tell the truth; nevertheless I will certainly come back again.

Sorry for the huge review, but I’m really loving the new Zune, and hope this, as well as the excellent reviews some other people have written, will help you decide if it’s the right choice for you.

This is very interesting, You are a very skilled blogger. I’ve joined your rss feed and look forward to seeking more of your excellent post. Also, I’ve shared your website in my social networks!

I have been browsing online more than 3 hours today, yet I never found any interesting article like yours. It’s pretty worth enough for me. Personally, if all website owners and bloggers made good content as you did, the web will be much more useful than ever before.

I'm not sure where you are getting your information, but great topic. I need to spend some time learning more or understanding more. Thanks for the fantastic info; I was looking for this information for my mission.

We are a gaggle of volunteers starting a new scheme in our community. Your web site provided us with helpful info to work on. You have performed an impressive job and our whole neighborhood will be grateful to you.

I think this is among the most significant information for me. And I'm glad reading your article. But I wanna remark on a few general things: the web site style is great, the articles are really nice :D. Good job, cheers

After going over a handful of the articles on your web page, I really appreciate your technique of blogging. I saved it to my bookmark webpage list and will be checking back soon. Please check out my website too and tell me what you think.

(aircraft’s laptop or computer).. I would like to be aware of whether or not the US Air Force demands laptop engineers and if yes, will a pc engineer be wearing uniform and do they have armed forces ranks

Hey there this is kind of of off topic but I was wanting to know if blogs use WYSIWYG editors or if you have to manually code with HTML. I’m starting a blog soon but have no coding skills so I wanted to get guidance from someone with experience. Any help would be enormously appreciated!

I was suggested this website by my cousin. I am not sure whether this post is written by him, as no one else knows such detail about my problem. You are incredible! Thanks!
