Skip to main content

WordPress Loginizer Plugin Was Automatically Updated Due To Vulnerability

By October 30, 2020May 5th, 2022Cybersecurity

WordPress tends to take a light-handed approach when it comes to managing the legions of plugins that are compatible with the most popular blogging platform on the planet. This time, however, they’re taking a different approach. They’re forcing a security update to counter a dangerous bug in a wildly popular plugin that’s being used by more than a million websites around the world.

The plugin in question is Loginizer, which was designed to help websites fight back against brute force attacks by blocking the login function for a given IP address once a certain threshold of login retries has been reached.

It’s an indispensable plugin, honestly, but researchers discovered a fatal flaw in it in the form of an SQL injection issue. The issue could have allowed a hacker to take complete control over the site running the older version of the plugin, thus, WordPress’ decisive action, which forces an update on everyone who uses it.

While we normally don’t approve of such heavy-handed measures, in this particular instance, we feel it was justified. Had the company not taken the action it did, users would have been slow to update the plugin, and many may not have updated at all, or even been aware there was an issue. This way, everyone is protected, and it happened quickly, in an organized manner.

In an ideal world, some other solution could have been implemented, but then, in an ideal world, hackers wouldn’t abuse security flaws and loopholes in the first place. Here, WordPress made the best of a number of bad decisions and took swift decisive action designed to keep their massive user base safe and protect their brand image. While it’s less than ideal, we applaud the company for their efforts.

If you use the plugin in question, just be aware that you’re getting an update whether you want one or not. In this case, that’s probably not a bad thing.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.