How Safe are WordPress Plugins?

How many WordPress plugins are there?

One of the things people love about WordPress is the vast array of available plugins. As of today, there are over 54,000 WordPress plugins available in the WordPress.org repository. That doesn't even count the thousands of additional premium WordPress plugins out there.

While all those options are great for extending your site, each extension is a new potential gateway for a malicious actor. And while most WordPress developers do a good job of following code standards and patching vulnerabilities as they become known, there are still a few potential issues:

  • A plugin or theme has a vulnerability and, because there aren’t as many eyes on it as the WordPress core software, that vulnerability goes undetected.
  • The developer has stopped working on the extension but people are still using it.
  • The developer quickly patches the issue, but people just don’t update.

So just how big is the issue?

Well, in 2016 Wordfence conducted a survey of hacked website owners and found that over 60% of the website owners who knew how the hacker got in attributed it to a plugin or theme vulnerability.

Similarly, in Sucuri’s 2016 report, just 3 plugins accounted for over 15% of the hacked websites they looked at.

Bottom Line:

The vulnerabilities in those plugins had long since been patched – site owners just hadn’t updated the plugin to protect their site.

The Solution:

WordPress themes and plugins introduce a wildcard and can open your site to malicious actors. Much of this risk can be mitigated by keeping your plugins updated and only installing from reputable sources. That’s why we only offer the latest versions of premium WordPress plugins.
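As an added example (not code from this site or from WordPress), the Python sketch below audits a plugin inventory for two of the issues listed above: an update that was never installed and an extension whose developer appears to have stopped working on it. The slugs, versions, dates, catalogue structure and the 730-day staleness threshold are all constructed assumptions; in practice the catalogue would come from wherever you obtain your plugins.

```python
import re
from datetime import date

# Matches "Plugin Name:" and "Version:" lines in a plugin's header comment.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M | re.I)

def parse_header(source):
    """Return (name, version) from the main plugin file's header, or None for each if absent."""
    fields = {k.lower(): v for k, v in HEADER_RE.findall(source)}
    return fields.get("plugin name"), fields.get("version")

def version_key(v):
    """'4.10.2' -> (4, 10, 2); trailing zeros dropped so 1.0 equals 1.0.0."""
    parts = [int(p) for p in re.findall(r"\d+", v)]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def audit(installed, catalogue, today, stale_days=730):
    """Return (slug, finding) pairs for plugins that need attention."""
    findings = []
    for slug, source in installed.items():
        _, version = parse_header(source)
        entry = catalogue.get(slug)
        if entry is None:  # not from a source we track
            findings.append((slug, "unknown-source"))
            continue
        if version is None:
            findings.append((slug, "no-version-header"))
        elif version_key(version) < version_key(entry["latest"]):
            findings.append((slug, "update-available"))
        if (today - entry["last_updated"]).days > stale_days:
            findings.append((slug, "possibly-abandoned"))
    return findings

def header(name, version):  # builds a constructed plugin header for the sample
    return f"<?php\n/*\n * Plugin Name: {name}\n * Version: {version}\n */\n"

# Constructed sample data: every slug, version and date here is made up.
SAMPLE_INSTALLED = {"example-forms": header("Example Forms", "4.9"),
                    "example-slider": header("Example Slider", "2.1.0"),
                    "example-seo": header("Example SEO", "1.0"),
                    "example-gallery": header("Example Gallery", "3.0")}
SAMPLE_CATALOGUE = {"example-forms": {"latest": "4.10.2", "last_updated": date(2017, 5, 1)},
                    "example-slider": {"latest": "2.1.0", "last_updated": date(2013, 2, 10)},
                    "example-seo": {"latest": "1.0.0", "last_updated": date(2017, 3, 3)}}

if __name__ == "__main__":
    for slug, finding in audit(SAMPLE_INSTALLED, SAMPLE_CATALOGUE, date(2017, 6, 1)):
        print(f"{slug}: {finding}")
```

Versions are compared numerically rather than as strings, so 4.9 is correctly reported as older than 4.10.2.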