Is WP vulnerable when updating plugins or themes?

What you’re doing at the moment is okay, but there are far far better ways to do it.

The problem of man in the middle attacks here is that to insert yourself between wordpress.org and a server at a data centre is no easy task, so this scenario is very unlikely.

However

If you abandon the built in updater and instead rely on git repositories to pull down your data, then you can guarantee 100% that your plugins and themes are secure, even if a man in the middle attack occurs.

This is because of the reliability promises git makes. A git repository has an SHA-1 hash which represents its VCS history, and any attempt to ‘meddle’ or manipulate a git repository to add code will invalidate that hash, causing git to balk. Because of this, so long as that hash is good, you can pull code changes down from anywhere, no matter how untrustworthy thanks to the cryptographic guarantee.

Here’s Linus Torvalds talking about trust and reliability in Git far better than I could explain:

http://youtu.be/4XpnKHJAok8?t=56m10s

Once you’ve moved to a version controlled setup, you can set your wp-content folder etc to read only for the servers Apache/WWW/Nginx user. Should a non-git repository be corrupted or compromised, you can simply re-checkout the repository in place and undo the damage.

Provisioning/deployment tools such as Composer would also be useful here.

Note that while Git would prevent a man in the middle attack by highlighting the data inconsistencies and providing evidence of tampering, it will only guarantee you have the correct copy of the source. It doesn’t prevent the original developer from having a nervous breakdown and putting a DROP ALL TABLES command in their plugin. For that we have testing in sandboxes, proofreading/code reviews, and support forums.

Related Posts:

  1. Why does WordPress need my private ssh key to update?
  2. How can I easily verify a core or plugin update has not broken anything?
  3. Will there be security updates for WordPress 4.9.9
  4. Why my plugins are updating automatically?
  5. Are major WordPress updates mandatory for security?
  6. Background Updates Not Happening
  7. When you use ‘badidea’ or ‘thisisunsafe’ to bypass a Chrome certificate/HSTS error, does it only apply for the current site? [closed]
  8. When you use ‘badidea’ or ‘thisisunsafe’ to bypass a Chrome certificate/HSTS error, does it only apply for the current site? [closed]
  9. Why does the URL http://a/%%30%30 crash Google Chrome?
  10. When you use ‘badidea’ or ‘thisisunsafe’ to bypass a Chrome certificate/HSTS error, does it only apply for the current site?
  11. Can an attacker use inspect element harmfully?
  12. Infected Files – what to do [closed]
  13. WordPress 4.7.1 REST API still exposing users
  14. Should I escape wordpress functions like the_title, the_excerpt, the_content
  15. When to use esc_html and when to use sanitize_text_field?
  16. Why does WordPress have more than one salt?
  17. What is the ideal setup to address security concerns?
  18. Will there be security updates for 3.1 once 3.2 is released?
  19. WordPress it’s cleaning a custom query_var to avoid sql injections?
  20. Can someone explain the use cases of esc_html?
  21. How can I lock down an old wordpress install I don’t intend to update?
  22. Tips for finding SPAM links injected into the_content
  23. Close a wordpress blog – keep site as it is but prevent hacks
  24. Is WordPress vulnerable to the httpoxy?
  25. How to get WordPress to save upload file beyond web root [closed]
  26. WordPress and Security
  27. Is security a problem in WordPress?
  28. Is /wp-login.php?redirect_to[] exploitable?
  29. Logout via Subdomain, non-wordpress page on a different server?
  30. brute force attack even though it is limited by IP
  31. What should I do about hacked server?
  32. How can I tell who changed the password?
  33. WordPress website Security [closed]
  34. How do I authenticate WP users from a chrome extension?
  35. Can’t reset WordPress password
  36. Website is being flooded [closed]
  37. Is the “lost password” feature truly a vulnerability?
  38. Is it possible to reduce the minimum character length for passwords?
  39. Handling email piping attachments and detecting unsupported file types
  40. Why was my blog post inserted lot’s of ad links by others?
  41. Auth cookie value security risk?
  42. Security – Shortcode injection attack
  43. Registration Plugin – Recaptcha integration
  44. How to combat flooding admin-ajax.php?
  45. When is wp_set_password() called or how to capture a password
  46. SELinux security vs WordPress updates
  47. Moving away from MD5: Where to declare the custom global $wp_hasher?
  48. Would it be dangerous to send all the wp_options to javascript file?
  49. Frequently getting attacks on admin-ajax.php, wp-cron.php, xmlrpc.php and wp-login.php
  50. Should I disable directory listing for wp-includes?
  51. How to get WordPress to send Password Reset Link Email instead of New Password?
  52. Safety side of storing emoji into database
  53. Verifying that I have fully removed a WordPress hack?
  54. Large Session Tokens
  55. How can I safely hide the fact that my website runs on WordPress? [closed]
  56. How to change permissions of WordPress and/or apache on macOS securely?
  57. How can I display nickname instead username in links
  58. My WordPress Websites are always under attack
  59. Is there value in using a wp_nonce for POST requests?
  60. Using an Encryption class in a WordPress Plugin
  61. How to hide easy access to my website temporarily?
  62. Can I Remove xmlrpc.php completely?
  63. Config file with no Keys..?
  64. Security concerns with external links
  65. Any any insecure http:// URLs left in wordpress?
  66. White screen of death on admin pages after moving wp-config up two levels for security
  67. .htaccess password protection bypassed
  68. Session Cookie security questions
  69. Storing FTP details in wp-config.php
  70. Can a WordPress administrator see other users’ passwords?
  71. Privilege escalation bugs in 2.9?
  72. Content-Security-Policy blocks WordPress check boxes from being activated
  73. How to distinguish between a hack and an encoding error?
  74. How to change location of wp-config.php to folder or 2 folders up?
  75. wordpress admin security
  76. Why do people use “admin” username by default? [closed]
  77. WordPress Database Re-installed (Hacked)
  78. WordPress Security tools
  79. Robots.txt file not updating
  80. How can I stop other plugins from using my class’ sensitive methods?
  81. What are WordPress Current Security Issues in 2017?
  82. wp-config.php moved above root results in no plugin updates
  83. Password-protect feed and make it usable in major aggregators
  84. Should I change the default file and folder permissions?
  85. How to rewrite rules for WP-security in Nginx?
  86. how to find the way they hacked my WP site
  87. Is it a bad idea to CHMOD 777 all the files on your site?
  88. How to stop repeated hack on header.php of custom theme? [closed]
  89. Couple questions about .htaccess, login page, updates
  90. is this code properly secured
  91. nginx + wordpress: Best practices for configuring it to be secure, reliable, and fast? [closed]
  92. How to get real password (before encrypt) when register a user?
  93. Directory to store secure file
  94. How can I give someone server access to only duplicate and modify a site?
  95. WP-JSON: Cross Origin Resource Sharing Vulnerability?
  96. How can I implement ansible with per-host passwords, securely?
  97. Why should I firewall servers?
  98. Does drilling a hole into a hard drive suffice to make its data unrecoverable?
  99. Can you alter the default wordpress strong password requirements?
  100. how to sanitizing $_POST with the correct way?

Leave a Comment