Abandoned WordPress Plugins Can Make Your Site Vulnerable

Wordfence is one of the first plug-ins I install when I set up a WordPress site. And their blog is a great source of information on current vulnerabilities and exploits. They have posted a list of 22 Abandoned WordPress Plugins with Vulnerabilities. And while the list is interesting, some of the other data they have unearthed is a cause of concern.

WordPress currently has over 37000 plug-ins listed in their repository. Over half of those have not been updated in over two years. And while not all of those plug-ins will have vulnerabilities, it’s likely a lot of those plug-ins will be installed on blogs that are active today but operated by people who aren’t across all the risks we face in today’s threat environment.

More than 10% of the plug-ins on WordPress’ books haven’t been updated in over seven years.

Wordfence offers advice for both the developers of abandoned plug-ins and users.

For developers, either remove the plug-ins or fix them. Users should uninstall older plug-ins and look for alternatives.

For what it’s worth, I’ll be doing some site audits over the next few days to check none of the abandoned software Wordfence has identified is on any of the sites I manage. It’s also a good time to remove unused plug-ins I’ve disabled and to remove any unneeded plug-ins as well.
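An audit like the one described above can be scripted. This is an added example, not code from the original article or from Wordfence: it flags installed plug-ins that have gone more than two years without an update, are missing from the repository, or are sitting inactive. The plug-in names and dates are constructed, and the input shapes (`wp plugin list --format=json` output and the `last_updated` field of the WordPress.org plugin info API) are assumptions about how the data would be collected.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like the output of `wp plugin list --format=json`.
INSTALLED = json.loads("""[
 {"name": "example-gallery", "status": "active", "version": "1.2"},
 {"name": "example-forms", "status": "inactive", "version": "3.0.1"},
 {"name": "example-seo", "status": "active", "version": "8.4"},
 {"name": "example-removed", "status": "active", "version": "0.9"}
]""")

# Constructed sample: one record per slug, shaped like WordPress.org plugin
# info API responses (assumed date format: "2014-03-02 7:45pm GMT").
REPO_INFO = {
    "example-gallery": {"last_updated": "2014-03-02 7:45pm GMT"},
    "example-forms": {"last_updated": "2017-01-15 10:05am GMT"},
    "example-seo": {"last_updated": "2017-05-20 1:30pm GMT"},
    "example-removed": {"error": "Plugin not found."},
}

def parse_last_updated(value):
    # The repository reports times in GMT with a 12-hour clock.
    return datetime.strptime(value, "%Y-%m-%d %I:%M%p GMT").replace(tzinfo=timezone.utc)

def audit(installed, repo_info, now, max_age_years=2):
    """Return (slug, reasons) for every plug-in that needs attention."""
    findings = []
    for plugin in installed:
        slug, reasons = plugin["name"], []
        info = repo_info.get(slug, {})
        if "last_updated" not in info:
            reasons.append("not listed in repository")
        else:
            age_days = (now - parse_last_updated(info["last_updated"])).days
            if age_days > max_age_years * 365:
                reasons.append(f"no update for {age_days // 365} years")
        if plugin["status"] == "inactive":
            reasons.append("inactive, remove if unused")
        if reasons:
            findings.append((slug, reasons))
    return findings

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for slug, reasons in audit(INSTALLED, REPO_INFO, now):
        print(f"{slug}: {'; '.join(reasons)}")
```
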

