
Hacked Websites Report Q2 2016 – Is YOUR Website In Capable Hands?

Sucuri has just released its 2016 Q2 report on hacked websites based on the analysis of 9,771 infected websites. And it makes for an interesting read, particularly when you consider their final point:

“There is currently a sharp decline in the knowledge required to have a website, which is breeding the wrong mindset with website owners and service providers alike.”

They’re almost going as far as to say that too many hacked websites are the result of  their owners, webmasters and hosting companies not doing what they should be doing to keep the website secure.

Which is a worrying thought for most people – is YOUR website in capable hands?


Let’s look at some of the findings from the Sucuri hacked websites report.

1. Which CMS Platforms Were Most Commonly Affected?

The most common hacked websites were those using WordPress (74%), Joomla (16%) and Magento (8%). This in part is a reflection of the usage of these different platforms – WordPress absolutely dominates the world of website CMS platforms making up 59% of all CMS, then Joomla 6.2% and Magento at 2.8%* – and the more websites there are using a particular CMS, the more infected sites there are likely to be.

Indeed Sucuri states early on in the report that the data does not imply that WordPress, Joomla or Magento are more or less secure than other platforms – in most cases, the problems seen had little to do with the core system, and far more to do with webmaster and hosting mistakes!

2. In-Date or Out-of-Date Software?

Sucuri reviewed whether the CMS being used was fully up-to-date at the point the website was infected, or not. CMS updates and patches are released regularly to ensure the systems work at a high level of security, but unfortunately many webmasters don’t maintain their sites rigorously, and allow them to become out of date.

And as Sucuri so succinctly says, “With enough time, motivation, and resources, attackers will identify and potentially exploit software vulnerabilities.”

Of the 9771 websites examined, Sucuri discovered an amazing:

• 55% WordPress sites were out of date
• 86% Joomla sites were out of date
• 96% Magento sites were out of date

making it easy to see a clear relationship between infected Joomla and Magento websites and webmasters who aren’t maintaining their sites properly.

3. Focus on WordPress

As the world’s most popular CMS, the cause of attacks on WordPress websites was examined in greater depth.
Three out-of-date and vulnerable WordPress plugins were responsible for 22% of all the WordPress compromises, and the frequency of each responsible plugin is shown below:

• RevSlider (46%)
• TimThumb (27%)
• Gravity Forms (27%)

Since each of these plugins has had fixes available for more than a year (TimThumb since 2011, Gravity Forms since December 2014 and RevSlider, publicly disclosed in September 2014), the fact that 22% of all the infected WordPress websites were still using at least one of them is of concern.

Sucuri concludes that the WordPress community still faces a challenge in making website owners and webmasters aware of patches and fixes and encouraging them to keep their websites up-to-date and secure.

4. Malware

The most common malware families responsible for the hacked websites were:

• 71% Backdoor (files used to reinfect and retain access)
• 60% Malware (browser-side code used to create drive by downloads)
• 38% SPAM-SEO (compromise that targets a website’s SEO)
• 8% HackTool (exploit or DDOS tools used to attack other sites)
• 7% Mailer (spam generating tools designed to abuse server resources)
• 3% Defaced (hacks that leave a website’s homepage unusable and promoting an unrelated subject)
• 3% Phishing (attackers trick users into sharing sensitive information eg. log in information, credit card data etc)

The worrying thing to note here is that 71% of all infected websites had backdoor attacks which allow the intruders to bypass controls without presenting any external signs of hacking to website visitors. These backdoors are particularly effective as they can’t be detected by most website scanning technologies.

SPAM-SEO hacks were also on the rise – up to 38% in Q2. This is where the sites were infected with spam or redirected web visitors to spam pages such as content about Viagra, casinos, porn etc.

5. Blacklisting

Nobody wants their site to be blacklisted by Google, Norton or McAfee as it can damage the company’s reputation enormously, can adversely affect search rankings and also cause havoc with email systems.
However the research into which infected websites were blacklisted provided some startling statistics: only approximately 18% of the infected websites were blacklisted.

So that means that 82% of the 9,771 websites examined were free to distribute malware!


IN CONCLUSION – A large proportion of hacked websites arise simply because the CMS core system, the plugins, the scripts etc have not been kept up-to-date.

Even if a malware attack doesn’t cause your site to crash, there are several reasons your website visitors will flee when your site is hacked.  Furthermore infected sites can get blacklisted by Google – or perhaps even worse – keep on functioning and spreading malware to all your website visitors.

It is impossible to over emphasise how important regular maintenance is to reduce your website’s vulnerabilities and help secure it against attack.

Are you sure that YOUR Website is in capable hands?

See the full Sucuri Hacked Website report here

WP Support Specialists is a global WordPress support business dedicated to WordPress and WordPress alone! We offer emergency support and regular WordPress maintenance packages. If you want to have a no obligation chat about how we can keep your website secure, please get in contact.

* Data taken from W3Techs


10 Essential Steps To Add Products To WooCommerce – Made Easy

We’re often asked by people using the WordPress WooCommerce plugin how to add new products to their store. And the good news is that it isn’t tricky so long as you approach things logically.

To help out all you WordPress newbies who want to keep their eCommerce store up to date, we’ve put together this simple guide.

Firstly from your dashboard, navigate to Products > Add Product

Then you can add the product name at the top, and choose the category where the product belongs on the right hand side.



1. Add Product Tags and Product Images

Scroll down the page. You’ll find the section to add product tags on the right hand side.

You’ll need to set the product image in the section below, and the product gallery is where you can add additional images.


product tags and product images in Woocommerce wordpress


2. Add Product Description

Scroll down the page…down, down, down. At the very bottom you’ll find the Product Short Description where you can describe your product in glowing terms.


product description on Woocommerce wordpress

3. Choose Product Type


add product data to woocommerce wordpress

Firstly you need to understand the different types of product.

  • Simple Product – this covers the vast majority of products you may sell. Simple products are shipped and have no further options. For example a book.
  • Grouped product – a collection of related products that can be purchased individually and only consist of simple products. For example, a set of six drinking glasses.
  • External/Affiliate product – one that you list and describe on your website but is sold elsewhere.
  • Variable product – a product with different variations, each of which may have a different SKU, price, stock option, etc. For example, a T-shirt available in different colours and/or sizes.
  • Virtual product – one that doesn’t require shipping. For example, selling a service.
  • Downloadable product – similar to a virtual one but where customers are given a downloadable file. For example, a PDF magazine, ebook or photo.

Once you have identified the type of product you are selling, you can choose the right option.


4. Add General Information


product prices on woocommerce wordpress

  • Regular Price – add in the regular price of the product.
  • Sale Price – add in any discounted price (if applicable) which can then be scheduled to run at certain dates.


5. Manage Inventory


inventory on woocommerce wordpress

SKU (Stock Keeping Unit) tracks products. It must be a unique identifier for each product and must be formatted so that it is different to post ID numbers. Since post ID numbers are numerical, it makes sense to create SKUs using a mix of words and numbers eg. TS01 T-Shirt 01

Click on the “manage stock?” checkbox to enable stock management for the individual products and define whether to allow back orders.

If you click on the “Sold Individually” checkbox, the system limits the product to one per order.


6. Define Shipping Details


shipping woocommerce wordpress

Simply add in the weight (kg) and dimensions (cm) of the product.

The Shipping Class  option is used by certain shipping methods to group similar products.


7. Set Up Linked Products


linked products woocommerce wordpress

This section allows you to cross promote your products. You can choose:

  • Up-sells – recommend an alternative product to the one currently being viewed (better quality / more expensive / more profitable)
  • Cross-Sells – promote other products, based on those currently in the basket
  • Grouping – make the product in the basket part of a grouped product
  • Related products – link to related products which will be shown on the product description page


8. Set Attributes

In this section you can assign details to a product such as weight, colour, size etc.

Once you have chosen an attribute from the select box, click “add” and assign values from the drop down list. Alternatively add a new “value”, then save attributes.


attributes woocommerce wordpress

If you leave the “Visible on the product page” unticked, the information won’t be shown on the frontend.


9. Advanced Bits n Bobs


advanced product information woocommerce

This section enables you to:

  • Purchase note – enter an optional note to send the customer after they purchase a product
  • Menu order – Customise the ordering position for this item.
  • Enable/ disable customer reviews for this item


10. Set Up Gift Card Option

If you wish to set a product as a gift, simply tick the Gift Card checkbox.


set gift card on woocommerce


And there you have it!  You have successfully added a new product to your WooCommerce ecommerce store and by simply publishing the page, it will be visible to your website visitors.

If you found this guide useful please share on your preferred social media site below or send to a friend in need via email.


Best WordPress Plugins 2016: Expert Picks + Never Before Seen Hacks

If you’re looking for advice about the best WordPress plugins to use in 2016, we’re sure this great infographic from Matt Banner at On Blast Blog is just what you are looking for.

From the crucial WordPress plugins that all websites should be using – think Yoast SEO and Backup Buddy – to recommendations for niche websites for food, fitness and business bloggers, this infographic is chocabloc with great ideas and advice.

It even includes some beginner and advanced WordPress hacks that could well help you manage your website with ease.

Read on and enjoy!

Wordpress Plugins
Credit: On Blast Blog

WPSS Question of the Week

Question of The Week – WordPress Vulnerabilities

This week’s Question is all about WordPress vulnerabilities.

Given all the recent press regarding WordPress vulnerabilities, is it a safe system to use?

Listen to the video for the answer, or read the transcription below.

Hi there and welcome to the question of the week. This week’s question comes from Michelle Collins, who is based in Portugal.

Michelle asks: “Given all the recent press regarding WordPress vulnerabilities, is it a safe system to use?”

Michelle, the simple answer is “Yes!”. There is a caveat however and that caveat is you need to make sure that you take proper security precautions, and you need to make sure you keep up to date, just like you would a Windows computer or an Apple Mac computer.

So you need to make sure you are using good strong passwords, and also you’re updating your WordPress core systems, using good plugins that are updated regularly by the developer, and you update those regularly. And really just making sure that you are taking good precautions and completing good housekeeping.  And if you do that on a regular basis, then there’s no reason why your WordPress system would not be safe and secure.

Hope that helps. Thanks and I look forward to answering your next question

Importance of Updating WordPress Websites

Is Your UK Website One of the Half a Million at Risk?

According to the Federation of Small Businesses, there were over 5 million small to medium-sized enterprises (SMEs) in the UK at the end of 2014.  Since nearly 25% of websites globally use WordPress, we can estimate that there are 1.25 million UK WordPress websites supporting UK SMEs.

No surprise there.  But the shocking fact is that a high proportion of these websites are not being updated regularly. w3techs.com reported that 23% of WordPress websites they surveyed had not been updated to the current version, and our own small survey of 250 UK websites showed that 75% weren’t using the current version!

It’s possible to crunch the numbers and conclude that between 290,000 and 937,500 UK WordPress websites are probably out of date – let’s just call it half a million.

So does this indicate that half a million business owners don’t care about their website?  Are they not bothered about malware, hackers and how they might consequently lose clients? Are they indifferent to the improvements that each new version of WordPress offers its users?

Surely not.  It’s far more likely that most SME owners have simply no idea about the importance of regularly updating their WordPress website.

So let’s reiterate the importance of updating your WordPress website.

Firstly you need to understand that WordPress issues Major and Minor releases.  Major updates (two digit releases eg. 3.9 and 4.2) include code changes and new features. Webmasters need to upgrade their own website manually with these. The Minor updates (three digit releases eg. 4.1.4 and 4.2.1) are intended to fix bugs and patch security issues.  These are automatically installed on the website.

By keeping your WordPress website up to date, you’ll reap the following benefits:

  1. Improved Security

Hackers are unfortunately a way of life nowadays and they are always trying to infiltrate WordPress websites to cause mischief and havoc – ranging from loss of data, sending inappropriate communications to your customers and trying to spread their evil far and wide.

Fortunately because WordPress is an open source platform, the massive community of developers and users will quickly spread the word if a security vulnerability is found in the current version.

For people with an updated website, minor releases to fix the vulnerability will be installed automatically.  But if a business owner has let the website version control lapse, the website will have to be updated manually to take advantage of these critical security improvements.  If they don’t, their website is at significant risk from hackers.

The problem is that manual updates are quite complicated for people who aren’t experts in WordPress.  There are a number of hints and tips found on the WordPress.org website such as never upgrade across more than 2 major releases at one time.  The manual process also requires that you back up your database and files, check the backup has worked and deactivate plugins before you can start to update your WordPress version.

If you care about the security of your website and don’t want to lose clients and income due to a hacked website, then you must keep your WordPress version regularly updated.  If your website is powered by a very old version (3 or before) you will probably need expert help to get you up and running on the current version.

  2. Better Website Performance

Major WordPress updates come out 3 or 4 times a year and are destined to improve your website performance, often by offering more functionalities.  For example, new features in version 4.2 included better updates from the AddPlugins screen, Emoji Support and an improved ‘Press This’ feature.

After a Major update, many plugins will also get updated to maintain their compatibility with the core WordPress site and to take advantage of the new features.

If you want a website that performs well and offers all the most recent features of WordPress and associated plugins, you need to update your WordPress version regularly.

Summary – Considering the statistics about WordPress updates, it seems clear that SME owners really don’t understand the importance of keeping their WordPress website updated. But perhaps after reading this article, they will check the WordPress version powering their website, and update it without delay!


10 Foolproof Ways to Improve Your Website Security

According to a recent post by Sucuri, the increased number of tools and applications which enable individuals and companies to set up their own website might be a great thing, but the downside is that many people don’t know how to make their websites secure. In fact, many webmasters aren’t aware of the importance of keeping their website secure.

So what are the top 10 ways all webmasters should be ensuring their website security?

1. Regular Updates

When a new plugin or CMS version becomes available, your site must be updated at once. Hacking bots are automated and constantly look for vulnerabilities in websites. If you don’t want your website to be hacked, keep it up to date.

2. Password Security

Sucuri notes that many webmasters have passwords that are ridiculously easy to crack using password-cracking programmes.  Any password that contains a real word is more likely to be guessed than a password that is created from a truly random combination of letters, numbers and symbols.

The solution?  Ensure your password is unique, long and complex.

  • Unique – don’t use the same password for different programmes or accounts. If a hacker finds your website password, it shouldn’t give them access to your email or your online banking.
  • Long – at least 12 characters
  • Complex – only a random string of characters will do

Of course it will be almost impossible to remember a complicated, random 12 character password – and Sucuri recommends you use a password manager such as “LastPass” (online) or “KeePass 2” (offline).

3. One Website per Server

When you have a web hosting plan that enables you to host many websites on one server, it is tempting to do so. But Sucuri points out that if a hacker gets access to one of the sites, the infection will spread to the others very easily. Furthermore, the clean-up operation becomes more complicated as the infected sites keep on reinfecting one another as you try to weed out the virus.

Best security advice?  One website per server.

4. Manage User Access

Invariably you will need to give several users access to your website.  But make sure each has their own user access, with the appropriate minimal level of access that they require to perform their job. This not only reduces the impact of any compromised accounts, it also enables you to monitor what the users are doing when they access your site.

5. Alter Default CMS Settings

When installing your CMS make sure you change the default settings.  This will help protect against attacks which look for the default settings being used.  Even if you didn’t change them during the installation procedure, you can change them at a later date.

6. Choose Extensions Carefully

There are so many extensions and plugins available but you need to choose which you opt for carefully.  Sucuri recommends the following key points to help choose your extensions with security in mind:

  • Download from a legitimate source: many sites offering free extensions which seem too good to be true often are – these extensions are likely to be infected with malware.
  • Check Date of Updates: if the extension hasn’t been updated in over a year, it’s unlikely you’ll get support from the author if there are security issues. Choose an extension that is currently supported by the author.
  • Experience of Developer: an experienced developer is more likely to know about best security practices and will ensure their extensions are safe to maintain their own reputation

7. Backups

It’s not enough to backup your website – you need to make secure backups.  Don’t store your backups on your web server as they often contain unpatched versions of your CMS which can give hackers the server access they want.

8. Server Configuration Files

By accessing your server configuration files, you can set server rules which will improve your website security. Sucuri recommends adding the following rules for your web server as a minimum:

  • Prevent directory browsing – this stops hackers seeing the directory contents on your website
  • Protect sensitive files – you need to put some locations on lock down eg. CMS configuration files (as they contain the database login information) and other administration areas.

9. Use an SSL Certificate

Particularly important for e-commerce websites, the SSL Certificate encrypts data between the browser and website server, meaning the data is protected from Man-in-the-Middle attacks. However Sucuri notes that SSL does not protect your website from hackers, nor does it stop it distributing malware – but it does protect visitor information and ensure you won’t get fined.

10. File Permissions

There are 3 file permissions available: read, write and execute, and each permission is represented by a number.  On installation, most CMSs have the permissions correctly configured so it’s not something you normally need to worry about.

However there is a lot of bad advice circulating around the internet – if you’re trying to find help about how to fix permission errors, people may advise you to change the file permission to 666, or folder permission to 777 – yes it will fix the errors but this is terrible security advice – these codes leave your site wide open to malware.
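To make the numbers concrete, here is an added example (not from Sucuri or from the original post) that walks a site directory, decodes each permission number and flags anything writable by every user on the server, which is what 666 and 777 grant. The sample tree, the function names and the 644/755 baseline are assumptions chosen for illustration.

```python
import os
import stat
import tempfile

# Each octal digit is read (4) + write (2) + execute (1), in the order
# owner, group, other. 666 = rw-rw-rw-, 777 = rwxrwxrwx.
# Assumption: 644 for files and 755 for directories as the baseline.
RECOMMENDED = {"file": 0o644, "directory": 0o755}


def describe_mode(mode):
    """Return the octal number and its symbolic form, e.g. '644 rw-r--r--'."""
    perm = stat.S_IMODE(mode)
    return f"{perm:03o} {stat.filemode(perm)[1:]}"


def audit_tree(root):
    """Return (relative path, kind, current mode, suggested mode) for every
    file or directory under root that any user on the server may write to."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            perm = stat.S_IMODE(st.st_mode)
            if perm & stat.S_IWOTH:  # the "other" write bit is set
                kind = "directory" if stat.S_ISDIR(st.st_mode) else "file"
                findings.append((
                    os.path.relpath(path, root),
                    kind,
                    f"{perm:03o}",
                    f"{RECOMMENDED[kind]:03o}",
                ))
    return sorted(findings)


def build_sample_site(root):
    """Create a small constructed site tree with two bad permissions."""
    os.mkdir(os.path.join(root, "uploads"))
    layout = {
        "index.php": 0o644,          # fine
        "wp-config.php": 0o666,      # the 'fix' the bad advice recommends
        "uploads/photo.jpg": 0o644,  # fine
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)  # chmod explicitly so the umask cannot interfere
    os.chmod(os.path.join(root, "uploads"), 0o777)


def run_demo():
    """Audit the constructed tree and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_site(root)
        return audit_tree(root)


if __name__ == "__main__":
    for rel, kind, current, suggested in run_demo():
        print(f"{rel}: world-writable {kind}, mode {current}, suggest {suggested}")
```

Point `audit_tree()` at a real document root to get the same report for a live site; it only reads metadata and changes nothing.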

Conclusion – webmasters need to be aware that websites are being continually searched by automated bots looking for a way in to cause havoc.  But by following the recommendations from Sucuri, their website security will be dramatically improved.


4 Reasons Your Clients Will Flee When Your Website Is Hacked

If you’re a company owner who takes your website for granted, do you ensure it’s regularly maintained and checked for malware? If not, hackers may have already got in without you even knowing it!  And when hackers get in, they can create havoc – causing you to unintentionally irritate and offend your clients – who won’t remain your clients for long.

Many people believe that when a website is hacked, it’s pretty obvious – it just crashes, right?  Well no  – today hacking is far more sophisticated.  Hackers like to keep well under the radar so they can collect information, install malware and merrily spread infection to other users and servers as far and wide as possible, all the while evading detection.

Here are 4 reasons you’ll lose clients when your website is hacked:

  1. Offensive content is added to your site

As sure as eggs is eggs, when hackers alter your website content, they don’t add images of cute kittens or beautiful scenery – they opt for more unsavoury content.

The result?  Whether your clients realise your site has been hacked or think this is the kind of content you want to share, they won’t be staying around for long, and you certainly won’t have made a good impression.

  2. Visitors are told your site is unsafe

When someone lands on your website they receive a warning message advising them that the site they are about to enter is unsafe and could damage their computer – your website is on a blacklist.

The result?  Clients will quickly close the tab and steer well clear of your website in future.

  3. Clients and many others receive spam emails

Thousands of people may start to receive spam emails from your website when it’s been hacked – even if you’re not aware of it.  If your company hosts websites for others, the problem may even extend to their domains.

The result? Unhappy people who don’t appreciate receiving spam emails from you.  Most will delete your emails – if they get through their spam filters; others may report you as a spammer and after multiple abuse reports, your entire domain is likely to be blocked.  Either way, you shouldn’t expect any of these people to want to become your customer in the future.

  4. Your website is ooooh sooooo slow

As a company owner you probably don’t navigate around your website very often.  But if it has been hacked it may be working very slowly and your customers will be the ones to suffer.

The result? Customers will simply get frustrated by your sluggish website and won’t bother to stay around to learn what your company could offer them.


In the above scenarios you may be in blissful ignorance that your website has been hacked and consequently may lose many existing and potential clients in a matter of days.  If you’re lucky, one of your clients will alert you to the problem but really – what does that do for your credibility in their eyes?

It’s far better to maintain your website regularly, with malware monitoring and regular back-ups.  Then in the event your website is hacked the malware can be removed as quickly as possible.

The online world is far too competitive for you to lose clients to your competitors when, with simple website maintenance, the problems could have been avoided in the first place.


Why Linux Is the Only Sane Choice for a WordPress Site

When you have decided to create a WordPress website you need to consider which operating system to use and choose your web hosting company accordingly.  You may have discovered that both Linux and Windows options are available – but which to choose?

There are many articles reviewing the pros and cons of Windows and Linux, but for a WordPress website, Linux web hosting wins hands down. And here’s why:

  • WordPress runs under a PHP configuration that works like a dream on Linux
  • The most commonly used online database on Linux is MySQL which is more robust than the Microsoft Access database, commonly found on Windows
  • There are low hosting prices as there are no licensing costs – great if you are running multiple servers
  • Linux is an open source platform meaning that developers across the globe all contribute to make the system as good as possible
  • It is simpler to use than you might imagine – most web hosts now offer an intuitive icon-based approach to website management
  • It’s known for its stability and security
  • It’s flexible enough to allow code and application customisation

In contrast when it comes to Windows and WordPress:

  •  WordPress needs a slightly different PHP configuration to normal and on Windows, there needs to be an element of manual reconfiguration which the hosting company may not be willing to perform.
  • When the Microsoft Access database is used, it runs slower than MySQL on Linux, leading to a slightly slower website
  • It’s more expensive as licensing costs are included
  • Apache may be less stable on Windows than on Linux.

The only time you would require a Windows server is when you plan to use specific applications such as:

  • ColdFusion (Adobe script language)
  • .NET
  • ASP Classic
  • Microsoft Access
  • Microsoft SQL Server

Linux vs Windows server for WordPress websites

When setting up your WordPress website, choose a web hosting company that offers a Linux OS – it’s cost effective and faster than Windows for your WordPress website.  We guarantee you won’t be disappointed!


WordPress Themes – Do You Get What You Pay For?

One of the joys of having a WordPress website is the thousands of themes available – a seemingly never ending supply.  You can choose a theme to provide you with the look and feel of your website – its layout, design style, font type, colours and locations of widgets.  There really is something out there for everyone.

Some themes are completely free and others – known as ‘premium’ themes – incur a charge.  The question on many people’s lips is why pay for a WordPress theme at all?

Let’s consider the facts about WordPress.  It’s an open source platform which means there are hundreds of developers in the community working on it and it’s completely free to use.  Many people develop themes for the good of the community and offer them for free; others develop paid-for themes.

But do you get what you pay (or don’t pay) for?

Free WordPress Themes

  • Are they safe and reliable? A lot of the free WordPress themes are excellent. Many websites offering free themes include a rating from other users – so you can get more insight in to how the theme has been working for other users.  Don’t forget however that many people will be using the popular themes, and if you follow suit your website may look very similar to others.
  •  Are they good? Many are pretty good although can be a little light on features compared to the premium themes.  However since they are free, you can test one out and if it isn’t what you’re looking for, try out some more until you get what you want.
  •  Do they get updated? Many don’t. Developers simply don’t have time to perform the much needed bug and security updates when it won’t generate an income for them.
  •  What Support is available? Often none apart from the WordPress community via forums.

Our Tips for Choosing Free WordPress Themes

  • Download free themes off reputable websites where you can be assured the theme has been robustly tested for functionality and security. WordPress.org offers thousands of themes which have all been subjected to stringent checks before being added to the WordPress.org theme repository. WPHub is also a source of free (and premium) themes, all of which have been screened for malware and to check they do what they claim to do.
  •  Do some internet searches to see what WordPress website owners are saying about the theme you’re interested in – if there are lots of negative comments, choose another theme.
  •  Don’t purchase a theme that hasn’t been updated for more than 1 year – it may be no longer compatible with the WordPress core updates and is likely to cause you headaches.

Premium WordPress Themes

  •  Are they safe and reliable? In general these themes have a reliable code base.  Again check out reviews from other users before you purchase.
  •  Are they good? The majority offer more functionality compared to free themes enabling a more powerful site to be created – although if you want a simple blog site these additional features may be unnecessary. They can also provide far more professional looking designs.
  •  Do they get updated? Most are continually updated to fix bug and security issues.
  •  What Support is available? Generally there is good customer support to help with problems but it can vary between supplier and supplier.

Our Tips for Choosing Premium WordPress Themes

  •  Think carefully before you purchase. Trawl reviews and forums to see what others think about the theme you’re interested in – you don’t want to waste money on something that’s not right for you.
  • Check exactly what you are getting for your money – is after sales support included or do you have to pay an additional cost? Are future updates provided for free? How do you access the support? Do others in the WordPress community rate the support favourably?

So bearing in mind the points and tips above, do you get what you pay for when it comes to WordPress themes?  If you choose a free theme and have realistic expectations of what it can do for you, you get far more than the zero you spent on it.  If you choose a paid-for theme carefully and get great after sales support and free updates, your money will have been well spent.

Whichever option you choose, you should be sure of getting a great return on your investment!


Cross Site Scripting Vulnerability in WordPress

A cross site scripting (XSS) vulnerability in WordPress has been reported which affects multiple plugins. It has come about because developers have misused certain popular functions that modify and add query strings to URLs.
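The mechanism behind this class of bug, as an added Python model that is not WordPress or plugin code: a helper that appends a query argument to the current request URI returns whatever the visitor's URL already contained, so its output has to be HTML-escaped before it is printed into a page. The helper `append_query_arg`, the render functions and the sample URI are hypothetical and constructed for illustration; in WordPress itself the matching output-escaping function is `esc_url()`.

```python
from html import escape
from urllib.parse import quote

# Constructed sample: a raw request URI as the server might receive it,
# with markup already sitting in an existing query parameter.
SAMPLE_REQUEST_URI = '/wp-admin/admin.php?page=demo&tab="><script>alert(1)</script>'


def append_query_arg(key, value, request_uri):
    """Hypothetical URL helper: append key=value to the current request URI.

    The new key and value are URL-encoded, but the URI that came in with
    the request is passed through untouched, and nothing is HTML-escaped.
    """
    separator = "&" if "?" in request_uri else "?"
    return f"{request_uri}{separator}{quote(key, safe='')}={quote(value, safe='')}"


def render_link_unescaped(request_uri):
    """Vulnerable pattern: the helper's output goes straight into the page."""
    url = append_query_arg("paged", "2", request_uri)
    return f'<a href="{url}">Next</a>'


def render_link_escaped(request_uri):
    """Corrected pattern: escape for the HTML attribute at the point of output."""
    url = append_query_arg("paged", "2", request_uri)
    return f'<a href="{escape(url, quote=True)}">Next</a>'


if __name__ == "__main__":
    print("unescaped:", render_link_unescaped(SAMPLE_REQUEST_URI))
    print("escaped:  ", render_link_escaped(SAMPLE_REQUEST_URI))
```

In the unescaped output the quote in the request URI closes the `href` attribute and the rest is parsed as markup; in the escaped output the same characters stay inside the attribute as text.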

Security company Sucuri has checked nearly 400 plugins and found a number contained the vulnerable code*.  However since there are thousands of WordPress plugins available, some of which are likely to be affected, everyone with a WordPress website should take immediate action to ensure their website is secure.

Action to be Taken:

  1. From your wp-admin dashboard, update out of date plugins now
  2. Check regularly for updates to WP plugins that you use and update them as soon as possible

If you want more information about this vulnerability and how to keep your WordPress website secure, please visit these links:



*Plugins confirmed to be affected by the XSS vulnerability

Alternatively if you need any assistance from WP Support Specialists, just Contact Us