
55% of hacked WordPress sites are via plugins – how are yours looking?


According to a recent article from the great folks at Wordfence, over 55% of hacked websites were compromised through a vulnerability in a plugin on the site. Even the most basic site typically has a handful of plugins on it, so what can you do to keep yourself safe? See below for some tips.

Vet quality plugins

When choosing plugins for your site, there are things you can do to help ensure that you’re using a quality plugin that is unlikely to cause problems. Here are some things to look for:

  • How many times has it been downloaded?
  • How frequently is it updated?
  • How often does the plugin author respond to issues in their support forum?

A big problem is when a plugin becomes abandoned and new vulnerabilities aren’t addressed. With over 40,000 plugins available, this happens quite often. It’s for this reason that we encourage you to not always look for free solutions, as many times the free plugins are the ones that go stale. A paid plugin from a reputable company will likely continue to be updated longer into the future, though you should keep an eye on things either way.
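As an added example (not part of the original article), the checklist above and the abandonment concern can be turned into a small audit script. The field names, thresholds and sample plugin records are assumptions constructed for illustration.

```python
from datetime import date

# Thresholds are assumptions for illustration; tune them to your own risk tolerance.
MIN_DOWNLOADS = 10_000
MAX_DAYS_SINCE_UPDATE = 365
MIN_SUPPORT_RESOLVED_RATIO = 0.5


def vet_plugin(meta, today):
    """Return a list of warnings for one plugin metadata record."""
    warnings = []
    if meta["downloaded"] < MIN_DOWNLOADS:
        warnings.append("few downloads")
    age_days = (today - date.fromisoformat(meta["last_updated"])).days
    if age_days > MAX_DAYS_SINCE_UPDATE:
        warnings.append(f"no update in {age_days} days (possibly abandoned)")
    threads = meta["support_threads"]
    resolved = meta["support_threads_resolved"]
    # No threads at all tells us nothing about responsiveness, so skip the check.
    if threads and resolved / threads < MIN_SUPPORT_RESOLVED_RATIO:
        warnings.append(f"only {resolved}/{threads} support threads resolved")
    return warnings


def audit(plugins, today):
    """Map each plugin slug to its warnings, keeping only plugins with findings."""
    report = {}
    for meta in plugins:
        found = vet_plugin(meta, today)
        if found:
            report[meta["slug"]] = found
    return report


# Constructed sample records (hypothetical plugins, not real ones).
SAMPLE = [
    {"slug": "example-forms", "downloaded": 2_400_000, "last_updated": "2024-05-02",
     "support_threads": 40, "support_threads_resolved": 31},
    {"slug": "example-slider", "downloaded": 850_000, "last_updated": "2021-01-15",
     "support_threads": 12, "support_threads_resolved": 2},
    {"slug": "example-widget", "downloaded": 900, "last_updated": "2024-04-20",
     "support_threads": 0, "support_threads_resolved": 0},
]

if __name__ == "__main__":
    for slug, warnings in audit(SAMPLE, date(2024, 6, 1)).items():
        print(slug, "->", "; ".join(warnings))
```

A warning here is a prompt to look closer, not a verdict: a small, recently updated plugin can be fine, while a widely downloaded one that has gone years without an update deserves scrutiny.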

Use clean themes

Related to this are the themes that come with lots of features baked in. We always encourage people to choose themes that look and work great but have zero functionality built-in. All of your functionality should come via plugins, so that it’s easier for you to keep an eye on what you have, update them on a regular basis, etc.

Case in point, a few years ago a major security hole was found in the popular Revolution Slider plugin. Those who had loaded it as a separate plugin were able to update it and stay secure. However, it was also bundled into themes as a built-in “feature”, and that caused hundreds of thousands of sites to get hacked, because the site owners weren’t aware of the issue on their site.

Keep everything updated

This should be obvious by now, but keep your plugins (and WordPress itself) updated. Do it carefully, as things can sometimes go wrong, but if you use a clean theme and use quality plugins, the odds of a problem occurring are low.

Keep it backed up

Of course, having “low” odds of a problem occurring doesn’t mean you’ll always be fine. Further, even if you follow every security practice perfectly, there is always an off-chance that you’ll be hacked. In either case, having a solid (recent!) backup of your site can be a life-saver. Your web host likely has one and can help you in case of emergency, but having a second copy is always something you should be doing.

We talked last year about the tools we use to help keep sites updated, backed up and secure. Check out that article to learn how to do it yourself, or hire someone (like us or many others) to do it for you.

How else can I get hacked?

If plugins are 55% of the causes of hacks, that leaves a lot of other situations out there as well. The full post on Wordfence offers tips for keeping your site protected against other attacks and is well worth reading.

If you need further help getting things squared away, please reach out to us and we’ll be happy to help.

About the Author

Mickey Mellen

Co-Founder and Technical Director
