-OUR [WORDPRESS PLUG-INS]- - -KINGDOM OF JOGA-

OptinMonster is the best WordPress popup plugin that helps you grow your email list and sales with email popups, exit intent popups, floating bars and more!

#12

“PAGE TITLE SPLITTER”

*adds ‘break-points’ to |[post / page / custom post] titles|*

#13

“REALLY SIMPLE SSL”

(there is an ‘upgrade to $$$ premium option)

Lightweight plugin without any setup to make your site SSL proof

#14

“SITE-ALERT”
(formerly ‘wp health’)

Keep your site secure and usable with our simple WordPress monitor!

#15

*UPDRAFT PLUS*
(BACKUP/RESTORE)

*27 SEPTEMBER 2023* —>

Backup and restore: take backups locally, or backup to

Amazon S3,

Dropbox,

Google Drive,

Rackspace,

(S)FTP,

WebDAV

& email,

(…on ‘automatic schedules’)

#16

*VELVET BLUES UPDATE URLS*

#17

“WORDPRESS IMPORTER”

#18

*WP FILE MANAGER*

Manage your WP files

#19

*WP GOOGLE MAPS*

The easiest to use Google Maps plugin!

Create custom Google Maps with high quality markers containing locations, descriptions, images and links.

Add your customized map to your WordPress posts and/or pages quickly and easily with the supplied shortcode.

No fuss

#20

“SEARCH CUSTOMIZATION PLUG-INS”

“SEARCH WP”

#21

“WP FORMS LITE”

Beginner friendly WordPress contact form plugin.

Use our Drag & Drop form builder to create your WordPress forms

*upgrade to ‘pro’*

#22

“WP SCAN”

#23

“YOAST DUPLICATE POST”

The go-to tool for cloning posts and pages, including the powerful Rewrite & Republish feature

#24

*BLOCK GUIDE LINES*

-[RE-SIZE] IMAGE AFTER UPLOAD-

-WP OPTIMIZE-

-WP SWEEP-

-SHORT PIXEL-

-IMSANITY-

*OUR FORMER PLUG-INS*

“EXPORT MEDIA LIBRARY”

*AUTO UPLOAD IMAGES*

“WP GOOGLE SEARCH”

*SECONDARY TITLE*

“SAVE WITH KEYBOARD”
(aw! i really liked that one!)

*OUTDATED PLUG-IN WARNING*

XXX has not been updated in over two years which indicates that it is no longer supported by the developer.

There could be security issues that will not be fixed!

Please reach out to the developers to ensure this is still supported or look for alternatives and uninstall this plugin

*as of ’19 may 2021’* –>

*AUTO UPLOAD IMAGES*

*SAVE WITH KEYBOARD*
(aw! i really liked that one!)

(keep ‘wp google search’ inactive)

(“save with keyboard” is too useful to be deleted outright)

*WP PLUG-IN SAFETY CHECKS*
(“THEMEISLE LINK”)

Are you worried about WordPress plugin vulnerabilities sinking your site?

A 2016 survey of hacked website owners by Wordfence found that 55.9% of WordPress websites (whose owners determined the hacker’s point of entry) were compromised due to plugin vulnerabilities.

And that makes sense!

Because while WordPress’ core may be secure, plugins add a wildcard that the WordPress core can’t always account for.

One of the reasons WordPress is so popular is the freedom it gives users to add any number of functions with the help of plugins.

Users get to choose from close to 50,000 plugins available for free in the WordPress plugin repository.

And that’s not even counting the many third-party free and premium plugins.

But sometimes so much choice leads to potential issues.

Rogue plugins, out-of-date plugins…all can provide a vector for hackers to gain access to your site.

So to plug those potential holes, here are some tips to keep your site safe by eliminating WordPress plugin vulnerabilities as much as possible

WPScan Vulnerability Database is a good place to check if any plugin is a security threat.

The service lists plugins and their known vulnerabilities.

You can look up a plugin by name or filter all plugin vulnerabilities alphabetically.

If you catch a given plugin in the list, first check the plugin’s listing page for an update.

If there’s no update to patch the vulnerability, you should delete the plugin for the time being if at all possible

WordPress Plugin Vulnerabilities

Another way to catch these threats in time is to subscribe to paid services like, the aptly named, Plugin Vulnerabilities.

You’ll gain access to always up-to-date data as these services continuously monitor security threats and hacking attempts

And if you’re using a plugin which is at risk, you’ll receive an email alert about it.

Because you get the notification with this service, you’re much more likely to be able to act quickly.

You can also detect these threats by running a scan on your website from time to time.

A plugin like Plugin Vulnerabilities will not only scan all your installed plugins, it’ll also notify you of the more common security issues.

As for the threats that surface subsequently, you can opt to receive alerts.

New threats crop up almost on a daily basis as hackers try and target

WordPress websites. For that reason, it’s important that you check for vulnerabilities frequently

(or have a service do it for you)

Choose the right plugins

No plugin is 100% safe.

But you can significantly reduce WordPress plugin vulnerabilities by learning to assess and select quality plugins before installing them

Pick plugins only from reputed marketplaces like…

CodeCanyon,

the WordPress Plugin repository,

or 3rd-party stores that you trust

The WordPress repository vets each plugin before it’s available to the public and CodeCanyon also has its own review system in place.

CodeCanyon plugins are safe to install

So, what should you check to figure out if a plugin is good to install?

Start with…

Average user ratings

User reviews

Updates / compatibility

Active installations

Support and documentation

We’ve covered analyzing these points in our earlier post, so I’ll skip discussing them in detail here

But you can keep these factors in mind before adding a plugin to your website…

If you have the server resources to support it, you can install as many plugins as you want.

That being said, one badly coded plugin can bring the website down.

What’s important is that the plugins are coded well

An active change log section indicates that the author is supporting the plugin and is responsive to the needs of users.

On the other hand, only a few entries in this section may simply mean that the plugin needs no changes or updates.

There are hundreds of excellent free WordPress plugins.

But keep in mind that premium plugins often have more responsive support and are up-to-date with the latest WordPress versions.

It’s a good practice to install plugins on a ‘need only basis’

Update plugins (and everything else) regularly

One of the most popular attack vectors for hackers is an out-of-date WordPress plugin.

A Sucuri analysis found that three popular out-of-date plugins were the cause of 18% of the hacked WordPress sites they looked at in Q3 2016.

(Chart by Visualizer Lite.)

In case you’re wondering, that’s RevSlider, Gravity Forms and Timthumb.

It’s important to note that the plugin developers patched the vulnerabilities quickly…

but enough people didn’t update their plugins that the issue still led to a number of ‘hacked sites’

Here’s the important takeaway…

Even if you choose the “right” plugins to start with, if you don’t keep those plugins updated…you’re still at risk

Plugin Update notification

So how can you ensure your plugins are always updated?

One way is to look for the update icon in your WordPress dashboard (pictured above).

Another way is to enable ‘automatic updates’

To enable automatic updates for all or some of your plugins, you can use a free plugin called ‘Easy Updates Manager’

Additionally, for plugins that you purchase from ‘CodeCanyon’, try the free ‘envato market plug-in’ to help you automatically update the plugins

Delete unwanted plugins

Another good way to stay safe is to delete inactive plugins that you no longer plan to use

While inactive plugins do not consume RAM, bandwidth or PHP, they do take up server space

And if present in large numbers, they can slow down your site.

But the main reason why you shouldn’t keep inactive plugins around is that they can be used to run malicious code on your website

Summing things up

Plugins are awesome.

They help you do wonderful things with your WordPress.

But sometimes poorly coded or out-of-date plugins can open your WordPress site up to hackers.

By choosing your plugins with care and updating them regularly, you can go a long way towards reducing your chance of falling victim to WordPress plugin vulnerabilities.

Need us to clarify any of this WordPress plugin vulnerabilities stuff further?

Don’t hesitate to speak up in the comments

“WHY ARE ‘HACKERS’ ATTACKING ‘WEB-SITES’?*
(‘patchstack link’)

The problem with hackers attacking websites is on a constant rise.

Month-to-month we list tens of vulnerabilities found in popular plugins that developers use on their sites.

Most of these are being targeted by hackers.

We monitor the sites we protect daily and see the number of attacks increasing every week.

The reason why hackers are hacking websites is still a mystery for a lot of people.

So, in this article, you are going to learn why hackers hack websites.

If you are a web developer, agency, or freelancer who is responsible for websites, you probably have seen this issue. If you are a website owner or newbie on the field, a hacked site can come as a big surprise

This article will help you to understand…

why are hackers attacking websites?

what are they doing with a hacked website?

and what should you do when your site gets hacked?

What is the main motivation behind the hacks?

You probably think that you are not holding any state secrets on your site, maybe not even collecting credit card details, but you still got hacked – why?

Or maybe you only have a small one-pager with a little text and a contact form and somehow you still end up on a hackers’ radar.

How is it possible, you ask?

Well, it isn’t you or your site specifically in most cases.

Nor is it your business behind the site.

Hackers are targeting the software that you use.

Hackers Attacking Websites

When they are successful they can generate money.

And the latest data has shown that about 50 000 sites get hacked every day. It may mean a lot of money for hackers, right

Even a small website can generate a substantial amount of money.

Cybercriminals and web hackers can make money with your compromised website by

distributing malware,

SEO spam,

and even set up e-mail spam servers and phishing sites

Money is obviously the most common motivation behind the attacks

SEO spam is a very common problem

If you dig deeper you see that there are actions that hackers take to make money.

One of these is SEO spam.

SEO spam is a type of spam.

it is basically an action of injecting backlinks and spam to legitimate sites.

It remains one of the most profiting and popular types of ‘website attacks’

Hackers Attacking Websites

After the website is compromised, a malicious backdoor will be uploaded to the website which gives access to the attacker allowing him to invisibly redirect your visitors to their scam sites at any time they want.

Apart from generating money for the hacker, your website gets a penalty from search engines which will ruin your SEO.

“The scam has been traced back to organized crime syndicates operating in what is estimated to be a 431 billion dollar, and growing, market. Its scale, and the danger counterfeit drugs pose to the public health, prompted repeat action from FDA, Interpol, among others.”

— Incapsula

Hackers use malware

Malware is the worst-case scenario, but evil-minded web hackers can even use your website to infect visitors with ransomware

What is the difference between ‘malware’ + ‘ransom-ware’?

Malware is malicious software and it is a code that is made to disrupt, disable, or take control of your system.

It is usually hidden or disguised as something else so that scanners won’t find it.

When we perform malware removals we do it manually.

The reason why we do it manually is that most scanners fail to find malware and if in the best-case scenario they do – there’s still a backdoor that needs to be patched.

The patch is critical, thus we have real security experts who perform the fix manually

Hackers Attacking Websites

Malware example…

‘Ransomware’ is a specific type of malware.

When a victim’s data is encrypted and can only be decrypted with a key that is known to the attacker.

So the attacker will hold your data and ask for ransom from you so that you could get your data back.

“It’s possible to have your operating system, browser, plugins, and applications exposed to exploits looking for vulnerabilities just by visiting an unsafe website.

SophosLabs sees tens of thousands of new URLs every day containing drive-by downloads.”

— Sophoslabs

Between 2014 and 2016 over 100 000 WordPress and Joomla sites were redirecting visitors to Neutrino Exploit Kit, which tried to penetrate the browser on the visitors’ computer and when being successful, infected the operating system with CryptXXX ransomware

And it’s growing…

According to the latest volume of the Internet Security Threat Report:

$294 = Average amount of money demanded per person in 2015

$1,077 = Average amount of money demanded per person in 2016

$2,000 = Average amount of money demanded per person in 2017

$6,733 = Average amount of money demanded per person in 2018

$13,000 = Average amount of money demanded per person in 2019

When we talk about the year 2020 the data shows that ransomware demand costs could exceed $1.4 billion in the U.S. this year.

The numbers are rising in a serious manner and should be alarming to every website owner.

You don’t want to pay $13 000 for your data, right?

Going back to malware, there are many other ways to make money with it.

For example, hacked websites can be connected to a large botnet, which then can be used to provide a DDoS service to attack other sites and web services

How to protect your websites from malware?

First of all – updates.

Make sure you are always updated to the latest version if any of the new vulnerabilities come out.

You can enable auto-updates for vulnerable plugins if you know you don’t have the time to check the new vulnerabilities every day

Secondly –

install a web application firewall.

And not any web application firewall please do your research on the technology.

It’s crucial to have a firewall that gets constant updates and virtual patches

Thirdly, use secure passwords or even passphrases.

Enable 2-factor authentication on your sites and use ReCaptcha on your login and contact forms

Vandalism with defacement

There is also a different type of hackers, who are doing ill-intentioned actions for fun.

These hackers attacking websites are the deface web hackers, vandals, and script kiddies.

They are oftentimes kids who test their skills and love to show it off on hacking forums to compete with the fanciest defacement

Hackers Attacking Websites

Example of a defaced website

Luckily, these kinds of attacks are usually the easiest to detect and fix.

You can find defaced websites from mirror sites, where defacers actively post their new victims

How are hackers attacking websites?

Website hacking is mostly automated.

This is a critical element as there’s a common misconception on how attacks are being executed

Here’s an example of how a web hacker hacks your site….

Web hacker with evil intentions begins with making a list of targets by country and special fingerprinting (Google Dorking).

He can use (automated tools available) Google to find for example every website in the Czech Republic with the default WordPress page “Hello World” like this: site:.cz inurl:/hello-world

Now, with the list of over 5000 WordPress sites, there are many possibilities.

He could start fingerprinting (automated) specific vulnerable (outdated) software and try to brute-force the admin account with different combinations (also automated).

Hackers Attacking Websites

Example of a defaced website

In this step, the attacker can already have access to a lot of sites

(most of the sites are not frequently updated and lack security measures)

As the last step, it’s all about infecting and using the site as the attacker wishes

(khm.. also automated).

Hackers are attacking websites with automated tools

The attacker might have hacked your website without ever visiting the site or seeing it with their own eyes.

And yes, you should worry about it

Keep in mind that similarly to the abandoned buildings that get freaky graffiti and tags on the dark corners —

it’s just a matter of time when your website gets defaced and infected with malware…

….if you DONT have basic maintenance, security measures, and proper monitoring in place.

The problem is big and it is growing with time.

To find out how big of a problem you are facing, who could be better than Google.

Here’s what Google released on their blog at the end of March 2017:

“We’ve seen an increase in the number of hacked sites by approximately 32% in 2016 compared to 2015. We don’t expect this trend to slow down.”

— Google

Since there is almost a 1/3 chance that your website is running on WordPress, you should already know that the year 2017, way back, didn’t even start with a positive tone

Conclusion

Every day there are hackers attacking websites

Every day about 50 000 sites get hacked

And in most cases, the web developers or website owners don’t even have enough knowledge about what is going on on their site.

And every day we still see hackers attacking websites.

This is why you need to take proper measures to understand the risks and be aware of the vulnerabilities that may affect your business and your website.

You need to protect your site with a firewall, keep it constantly updated and secure it with strong passwords.

Patchstack can help you to protect your sites and keep them updated.

You can start Patchstack 7-day free trial here. Try it out. We offer a 30-day money-back guarantee and even a malware-removal guarantee.

Your website is the face of your company, protect it!

Want to stay up to date on the latest website vulnerabilities and ways to protect against them?

Join the Patchstack Facebook community.

patchstack.com /hackers-attacking-websites/

Why Are Hackers Attacking Websites? –

Patchstack

10-13 minutes 2/23/2021

*CREATE YOUR OWN ‘WORDPRESS PLUG-INS’*
*BEAVER BUILDER LINK*

Until a few years ago, I hadn’t written a single WordPress plugin.

I had created and customized many themes for our clients, but for some reason, I kept telling myself that creating a plugin was beyond my capabilities.

In hindsight, I couldn’t have been more wrong.

If you’ve ever felt this way, let me tell you something.

Creating a WordPress plugin is not beyond your capabilities.

Anyone that has skills enough to write basic PHP and modify a theme can create a plugin.

This is how I started the Beaver Builder plugin (it’s free so you can try it) and how you can start yours too.

Why would you want to create a plugin?

If you’re like I was, you’ve probably been adding functionality to your theme instead of creating a plugin.

There are plenty of cases where doing so is fine, but there are also cases where custom functionality is better off being added to a plugin.

Why might you ask?

Consider this scenario.

You’ve added functionality to your theme that changes the default gravatar to your own custom gravatar.

The only issue is, you’ve just changed themes and now that’s gone.

If you had added that code to a plugin it would still be there when you decided to switch themes.

We ran into this issue with the Tabata Times multisite network.

They use a handful of themes that need to share custom functionality.

How do you think we solved that problem?

You guessed it, by adding a good chunk of the functionality into a plugin so it is available to all sites on the network, regardless of which theme they are using.

Don’t lock yourself into a theme.

Use #WordPress Plugins for functionality instead.

Click To Tweet

Create your 1st plugin in 5 simple steps

I’m not kidding.

You can create a WordPress plugin in five simple steps.

Let me show you how…

FTP into your site

The first thing you’ll need to do is access your site via FTP using the FTP program of your choice

(mine is Coda)

If you’re not familiar with FTP, I recommend you read up on that before moving forward

Navigate to the WordPress plugins folder

Once you’ve accessed your site via FTP, you’ll need to navigate to the WordPress plugins folder.

That folder is almost always located at /wp-content/plugins.

Create a new folder for your plugin

Now that you’re in the plugins folder it’s time to create a folder for yours!

Go ahead and create a new folder, giving it a unique name using lowercase letters and dashes such as my-first-plugin.

Once you’ve done that, enter your new folder and move on to the next step.

Create the main PHP file for your plugin

Next, you’ll need to create the main file for your plugin.

To do so, create a PHP file within your new plugin folder and give it the same name

(such as ‘my-first-plugin.ph’)

After you’ve done that, open your plugin’s main file and get ready to do some editinh

Setup your plugin’s information

Finally, copy and paste the plugin information below into your main plugin file.

Make sure to edit the details such Plugin Name and Plugin URI as they pertain to your plugin

That’s it!

You’ve just completed the minimum number of steps that are required to create a WordPress plugin.

You can now activate it within the WordPress admin and revel in all of your glory.

What now?

At this point you’re probably wondering what this plugin is supposed to do.

Well, it doesn’t do anything!

I said I would show you how to create a plugin,

I didn’t say I’d show you how to create a plugin that does anything. 🙂

All kidding aside, the goal of this post is to illustrate just how simple it is to get started creating WordPress plugins.

Whip one up with the steps outline above and you’re ready to start making things happen.

Making your plugin do something simple

Now that you have a plugin, lets make it do something.

The easiest way to make things happen in WordPress is with actions and filters.

Let’s explore that by creating a simple action that adds a line of text below all of the posts on your site.

Copy and paste this code into your main plugin file (below the plugin information) and save it.

add_action( ‘the_content’, ‘my_thank_you_text’ );

function my_thank_you_text ( $content ) {
return $content .= ‘

Thank you for reading!’;
}

This code hooks into “the_content” action that fires when WordPress renders the post content for your site.

When that action fires, WordPress will call our “my_thank_you_text” function that is defined below the “add_action” call

Going beyond a simple plugin

cockpit

If you’ve made it this far, hopefully we’re in agreement that creating a simple WordPress plugin is relatively easy.

But what if you want to create a plugin that does more than accomplish one simple task?

Actions and Filters

If you’re going to start coding your own plugins, I highly suggest you familiarize yourself with how actions and filters work and which ones are available for you to use.

The WordPress Codex is where I spend a lot of my time,

I suggest you do the same.

Plugin API: Actions and Filters

Plugin API: Action Reference

Plugin API: Filter Reference

WordPress Functions

Again, I spend a lot of my time in the WordPress Codex reading up on core functions as I develop my plugins.

There are so many core functions that I wouldn’t expect you to know what each and every one of them is and does.

That’s what the Codex is for after all, so use it!

Creating an Options Page

Finally, if you end up creating a plugin that does something nifty, you’ll probably want to create an options page so people that use it can modify the functionality.

Creating an options page isn’t necessary,

there are many plugins that install and do something without one,

but having one can be a nice addition for users of your plugin.

Creating an options page is beyond the scope of this post, so once again, I’ll leave you in the hands of the WordPress Codex.

Writing a Plugin

Creating Options Pages

If you haven’t already, create your first plugin!

Creating WordPress plugins is extremely liberating and a great way to gain a deeper knowledge of how WordPress works.

If you haven’t already, I strongly urge you try your hand at creating a plugin.

If you do and come up with sometime useful, don’t forget that you can distribute it freely to others via the WordPress plugin directory.

Have you already created your first plugin or plan on creating one soon?

If so, I would love to hear about it in the comments below!

Justin Busa’s Bio

Want More WordPress Tips?

Enter your email and join 50,000+ readers who get WordPress tips and strategies like this from Beaver Builder!

www.wpbeaverbuilder.com /creating-wordpress-plugin-easier-think/

Creating A WordPress Plugin Is Easier Than You Think | Beaver Builder

6-8 minutes

themeisle.com /blog/wordpress-plugin-vulnerabilities/

Stay Safe! WordPress Plugin Vulnerabilities, and How to Avoid Them

Author(s): Easy Updates Manager Team6-8 minutes 5/8/2017

Themeisle content is free. When you purchase through referral links on our site, we earn a commission. Learn More

*2 NOVEMBER 2021*

*CRITICAL ERROR*

*problem post* –>

*our custom keyboard shortcuts*

(“creative mail” was ‘culprit of the day’)

👈👈👈☜*’KINGDOM OF JOGA’ BLOG* ☞ 👉👉👉
*WORDPRESS PLUG-INS*

💕💝💖💓🖤💙🖤💙🖤💙🖤❤️💚💛🧡❣️💞💔💘❣️🧡💛💚❤️🖤💜🖤💙🖤💙🖤💗💖💝💘

*🌈✨ *TABLE OF CONTENTS* ✨🌷*

🔥🔥🔥🔥🔥🔥*we won the war* 🔥🔥🔥🔥🔥🔥