Over the past few days an increasing number of WordPress websites have been infected by attackers exploiting a vulnerability in a WordPress plugin, WP Mobile Detector. At one point the plugin, with over 10,000 active installs, was completely removed from the WordPress repository with no patch available. However, as of today the WP Mobile Detector plugin has been patched to address the vulnerability. Please update to version 3.6+ as soon as possible.
WP Mobile Detector automatically detects standard and advanced mobile devices and displays a compatible WordPress mobile theme. “It’s too easy to exploit vulnerabilities,” wrote Sucuri security analyst Douglas Santos. “All attackers need to do is send a request to resize.php or timthumb.php (yes, timthumb, in this case it just includes resize.php) inside the plugin directory with the backdoor URL.” Sucuri researchers posted yesterday that attacks against WordPress sites with the plugin began on May 27. The zero-day was revealed on Tuesday by Plugin Vulnerabilities, a WordPress security site. The flaw allows an attacker to upload arbitrary files.
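To check whether a site received the kind of request Santos describes, the web server access log can be searched for hits on resize.php or timthumb.php inside the plugin directory that carry a remote URL. The following is an added example, not code from Sucuri or the plugin; it assumes combined-format access logs and the plugin directory name wp-mobile-detector, and the sample log lines, hosts and parameter name are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote

# Assumption: the plugin lives under its WordPress.org directory name.
PLUGIN_DIR = "/wp-content/plugins/wp-mobile-detector/"
SCRIPTS = ("resize.php", "timthumb.php")

# Common/combined log format: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
REMOTE_RE = re.compile(r"^\s*(?:https?|ftp)://", re.I)


def suspicious_requests(lines):
    """Return one dict per request to resize.php/timthumb.php in the plugin
    directory whose query string carries a remote URL in any parameter."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        raw_path, _, query = m["target"].partition("?")
        # Normalise: percent-decode, collapse duplicate slashes, lower-case.
        path = re.sub(r"/{2,}", "/", unquote(raw_path)).lower()
        script = path.rsplit("/", 1)[-1]
        # "in" rather than startswith: WordPress may sit in a subdirectory.
        if PLUGIN_DIR not in path or script not in SCRIPTS:
            continue
        # parse_qsl percent-decodes values, so encoded URLs are caught too.
        remote = [v for _, v in parse_qsl(query) if REMOTE_RE.match(v)]
        if remote:
            hits.append({"ip": m["ip"], "time": m["ts"], "script": script,
                         "status": int(m["status"]), "remote": remote})
    return hits


# Constructed sample lines; "param" is a placeholder parameter name.
P = "/wp-content/plugins/wp-mobile-detector/"
SAMPLE_LOG = [
    f'203.0.113.7 - - [27/May/2016:10:01:02 +0000] "GET {P}resize.php?param=http%3A%2F%2Fhost.example%2Fb.php HTTP/1.1" 200 12',
    f'203.0.113.7 - - [27/May/2016:10:01:09 +0000] "POST /blog{P}timthumb.php?param=http://host.example/b.php HTTP/1.1" 200 12',
    f'198.51.100.4 - - [27/May/2016:10:02:00 +0000] "GET {P}resize.php?param=images/logo.png HTTP/1.1" 200 512',
    '198.51.100.4 - - [27/May/2016:10:02:05 +0000] "GET /index.php?u=http://host.example/ HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A hit with a 200 status is a reason to look for unexpected files under the plugin directory and to confirm the installed version is 3.6 or later.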
Remove unused WordPress themes and plugins
There is no good reason, I repeat, no good reason to leave unused plugins or themes in your WordPress installation. Remove them. That said, it is extremely common for me to log in to a client's wp-admin panel and notice several inactive plugins sitting there. The main reason to remove inactive plugins is security: an attacker can discover an exploit that takes advantage of unused themes or plugins. WP Mobile Detector is a good example. Even if you have this plugin installed and disabled/deactivated, you will still be vulnerable. In addition to security, removing unused plugins and themes (and the saved data they leave behind) can also improve WordPress performance.
After you remove plugins, they often leave behind data saved in the wp_options table of your MySQL database. You can inspect and clean your wp_options table for a performance gain using phpMyAdmin or a plugin like Clean Options. Beware of this plugin: it lets you remove not only unused but also used wp_options data. Also, remove this plugin when you are finished with it; it is old and not maintained. If you can suggest an alternative that dives into the wp_options table and displays the contents of the saved rows, please let me know. I’ve been relying on clean alternatives for a long time. Post your suggestions below.