In the section “Creating posts & pages securely” discussing posts and pages, we mention avoiding installing untrusted code. Your CMS includes a useful feature that lets you install “widgets” which are items that appear in your sidebar or footer.
Choose carefully when embedding code from another website or source on your site. If you install someone else’s code, you give them access to sensitive data on your site including your site visitor cookies and your own administrative cookies.
If the code you are loading in the widget loads from your own website, then you have the ability to maintain that code. If the code loads from someone else’s website, they can change the code whenever they want.
For example, lets say your site is example.com. If you load the code you include as a widget from http://example.com/mycode.js then you control what code is being loaded on your site. The only way the mycode.js file can change is if you change it.
However if example.com is owned by someone else and you are loading that code on your own site, they can simply go in and edit mycode.js, change it so that it steals your site cookies and create a serious security problem for you.
We are Freelance Web Designer, driven to get your company better results online. You get strategy, design, development & marketing all under one roof.