via pluginvulnerabilities.com => original post link
Earlier this week we mentioned how GoDaddy’s Sucuri security service isn’t doing basic work to properly clean up hacked WordPress websites. That involved them not trying to figure out how websites are being hacked. They are not alone in that, but others take that even further by blaming something for the hack without actually knowing if that is true, as they didn’t try to figure out the source. One recent example of that involves a thread on Reddit, which had 88 upvotes, where someone, claiming to work for a web host, blamed websites being hacked on a WordPress plugin named WP File Manager. By comparison, someone asking for evidence to support the claim was downvoted. While you can point the finger at Redditors for that mess, the claims made are worth breaking down, as they show how things can go wrong when dealing with hacked websites and how those that have the misfortune of having their website hacked, can get a better outcome.
Confusion Over Outdated Software
One of mistakes the poster makes is a failure to understand the implications of outdated software. They start their post this way: [Read more]