WordPress Loginizer Plugin Vulnerability! The Loginizer Plugin has Automatically Updated Due To Vulnerability. WordPress tends to take a light-handed approach to manage the legions of plugins compatible with the most popular blogging platform on the planet. This time, however, they’re taking a different approach. They’re forcing a security update to counter a dangerous bug in a wildly popular plugin that more than a million websites around the world use.
The plugin in question is Loginizer. The design is to help websites fight back against brute force attacks by blocking the login function for a given IP address once a certain reaches threshold of login retries.
It’s an essential plugin, honestly, but researchers discovered a fatal flaw in it in the form of an SQL injection issue. The issue could have allowed a hacker to take complete control over the site running the older version of the plugin. Thus, WordPress’s decisive action forces an update on everyone who uses it.
Justification of “Heavy-handed Measures”
While we usually don’t approve of such heavy-handed measures, we feel justified in this particular instance. Had the company not taken the action it did, users would have been slow to update the plugin, and many may not have updated at all or even been aware there was an issue. This way, everyone is protected, and it happened quickly, in an organized manner.
There could have been another implementation in an ideal world, but then, in a perfect world, hackers wouldn’t abuse security flaws and loopholes in the first place. Here, WordPress made the best of several bad decisions and took swift, decisive action designed to keep their massive user base safe and protect their brand image. While it’s less than ideal, we applaud the company for its efforts.
If you use the plugin in question, be aware that you’re getting an update whether you want one or not. In this case, that’s probably not a bad thing.
