The Problem with Plugins
Many of the most critical vulnerabilities result from plugins. There are literally tens of thousands of WordPress plugins available; at the time of this article, there are over 55,500 plugins available through the official WordPress site4 — and that’s not counting plugins for sale through other websites.
Add in the 7,200 WordPress plugins for sale on just one site, Code Canyon5, and you’re at more than 62,700 available plugins total.
At first, this wide variety can seem like a good thing. Whatever feature you’re trying to add to your website, there’s probably a plugin already available that can fit your needs.
However, the truth is more complicated. Many of these plugins are outdated or poorly maintained. WordPress is open-source — anybody can develop a plugin and release it to for use on other websites. As a result, many developers produce plugins that are not aligned with best practices, or are not maintained as the year (and software updates) go by.
In fact, only 3% of available WordPress plugins were developed in the last year.6 And in 2018, fully 98% of WordPress vulnerabilities were related to plugins.2
Keep in mind: having poorly developed or outdated plugins installed on your website can create major security risks, even if they are inactive.
What can you do to improve website security?
Armed with this information, what can you do to improve your web security? If you haven’t reviewed my Annual Website Security Checklist, I suggest you start there for tips to improve your WordPress security.
Of particular importance: update your WordPress files and plugins — even for inactive plugins! Better yet, remove all unnecessary plugins and themes.
Note: updating WordPress files and plugins can affect site functionality. I always recommend updating each element individually and testing the site between updates. If you’re unsure about updating your WordPress website, contact me about updating your site.
Invest in Your Website Security
As WordPress continues to grow in popularity, vulnerabilities will continue to grow, too. Your security needs to stay ahead of attacks and compromises, and I hope these stats show that your web security must be a top priority this year.
Questions or concerns? Schedule a free call with me to discuss improving your WordPress security.