Looks like it’s (only) for their managed WordPress offerings, they probably blacklisted the plugins in the code itself?
They also mention “and if we detect them installed on your account, they will be removed”, so they are probably scanning the wp-plugins folder for those plugins as well.
My Kimsufi got infected because of a shit WordPress plugin. I stopped using WordPress because of that. GoDaddy sucks but that’s a decent safety precaution.
No, correct, it’s only for their WordPress hosting. But since I’m hosting some WordPress sites as well, and already got a few people hacked because of bad plugins, I’m looking to do something like that as well… Just block the unsupported plugins.
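A host-side blocklist scan of the kind discussed above, as an added example that is not part of the thread and not any provider's actual tooling. The blocklist slugs, the `<account>/public_html` layout and all function names are assumptions made for illustration; it only reports hits and leaves removal to the operator.

```python
import tempfile
from pathlib import Path

# Constructed blocklist: placeholder slugs, not a real provider's list.
BLOCKED_SLUGS = {"example-blocked-cache", "example-old-backup"}

def find_wp_installs(root):
    """Yield WordPress install roots under root (identified by wp-config.php)."""
    for cfg in Path(root).rglob("wp-config.php"):
        if (cfg.parent / "wp-content" / "plugins").is_dir():
            yield cfg.parent

def installed_slugs(install):
    """Map plugin slug -> path for folder plugins and single-file plugins."""
    plugins = install / "wp-content" / "plugins"
    found = {}
    for entry in plugins.iterdir():
        if entry.is_symlink():
            continue  # do not follow links out of the account
        if entry.is_dir():
            found[entry.name.lower()] = entry
        elif entry.suffix == ".php" and entry.name != "index.php":
            found[entry.stem.lower()] = entry
    return found

def scan(root, blocked=BLOCKED_SLUGS):
    """Return sorted (install, slug) pairs for every blocked plugin found."""
    hits = []
    for install in find_wp_installs(root):
        slugs = installed_slugs(install)
        hits += [(str(install), s) for s in slugs if s in blocked]
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample layout: two accounts, one with a blocked plugin."""
    for account, plugins in {"alice": ["example-blocked-cache", "seo-tool"],
                             "bob": ["seo-tool"]}.items():
        site = Path(root) / account / "public_html"
        for slug in plugins:
            (site / "wp-content" / "plugins" / slug).mkdir(parents=True)
        (site / "wp-config.php").touch()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for install, slug in scan(tmp):
            print(f"{install}: blocked plugin '{slug}' installed")
```

Matching on the folder slug is easy to evade by renaming the directory, so a scan like this catches accidental installs rather than a determined customer.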
While not really on the topic of blocking plugins, there are some things you can do:
LiteSpeed’s cPanel allows you to have a WAF that can drop or throttle brute force traffic on WordPress login pages
LiteSpeed’s cPanel lets you mass install and update LS Cache. Also lets you know if they’re already using another caching plugin.
I don’t use them currently, but I’m sure there are some ModSecurity vendors (maybe through CXS) that can add more WAF rules for keeping down WordPress abuse
We want people to use our provided caching plugin (LS Cache) because the web server (LiteSpeed) has features that can work directly with the plugin for improved caching and reduced load. That’s better than using another PHP level cache.
Nice. Never tried LiteSpeed, always defaulted to nginx. Might give it a whirl and see, but I do like how easy nginx is to config for vhosts and the like.
You must have not really needed WP. Getting rid of WP for most people because of “shit WordPress plugin” is not the solution. I try to minimize the use of plugins, and only use widely known plugins with a significant user base.
On a shared host, if a neighbor gets infected from a bad plugin, that’s always a concern, but not common. I do frequent backups, and have spare servers (different host) ready to go if there’s a problem. For now WordPress is the sweet spot for some of the work I do.
@Ympker Avoid “premium” hacked plugins from Usenet, torrent sites etc. That’s the source of most “shit” plugins. I follow the same rules as choosing Android apps. Stick to plugins with frequent updates, which support the current release of WordPress. Also, perhaps the most important attribute, they should have a significant user base.
I don’t use “hacked”/leaked versions of premium plugins. When I said hacked I meant hackable. As in “codeable”. There is a certain config file in the official plugin.zip where the max. file size is defined. All you have to do is change the value to a greater one. Done.
Note that 99%+ of vulnerabilities can be mitigated by shoving a WAF in front. Even some pretty basic rules are enough to block blatant SQLi and other injections, path traversal, etc…