55% of hacked WordPress sites are via plugins – how are yours looking?

According to a recent article from the great folks at Wordfence, over 55% of hacked websites are compromised through a vulnerability in a plugin on the site. Even the most basic site typically has a handful of plugins on it, so what can you do to keep yourself safe? See below for some tips.

Vet quality plugins

When choosing plugins for your site, there are things you can do to help ensure that you’re using a quality plugin that is unlikely to cause problems. Here are some things to look for:

  • How many times has it been downloaded?
  • How frequently is it updated?
  • How often does the plugin author respond to issues in their support forum?

A big problem is when a plugin becomes abandoned and new vulnerabilities aren’t addressed. With over 40,000 plugins available, this happens quite often. It’s for this reason that we encourage you to not always look for free solutions, as many times the free plugins are the ones that go stale. A paid plugin from a reputable company will likely continue to be updated longer into the future, though you should keep an eye on things either way.
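The three questions above can be checked mechanically across every plugin you run. The following is an added example, not code from the original post: it flags likely-abandoned plugins from metadata records. The field names are assumed to follow the WordPress.org plugin information API, and the thresholds and sample records are constructed for illustration.

```python
from datetime import datetime, timezone

# Assumed thresholds for illustration; tune them to your own risk tolerance.
MAX_AGE_DAYS = 365        # no release in a year suggests abandonment
MIN_DOWNLOADS = 10_000    # very low adoption means few eyes on the code
MIN_RESOLVED_RATIO = 0.5  # share of support threads marked resolved

def parse_last_updated(value):
    """Parse timestamps such as '2015-03-01 4:12pm GMT' into aware datetimes."""
    stamp = value.replace(" GMT", "").strip().upper()
    parsed = datetime.strptime(stamp, "%Y-%m-%d %I:%M%p")
    return parsed.replace(tzinfo=timezone.utc)

def vet_plugin(info, now):
    """Return a list of warnings for one plugin metadata record."""
    warnings = []
    age_days = (now - parse_last_updated(info["last_updated"])).days
    if age_days > MAX_AGE_DAYS:
        warnings.append(f"no update in {age_days} days")
    if info.get("downloaded", 0) < MIN_DOWNLOADS:
        warnings.append("low download count")
    threads = info.get("support_threads", 0)
    resolved = info.get("support_threads_resolved", 0)
    # A plugin with no threads gives no signal either way, so skip the check.
    if threads and resolved / threads < MIN_RESOLVED_RATIO:
        warnings.append(f"only {resolved}/{threads} support threads resolved")
    return warnings

# Constructed sample records (hypothetical slugs, not real plugins).
SAMPLE_PLUGINS = [
    {"slug": "example-gallery", "last_updated": "2015-03-01 4:12pm GMT",
     "downloaded": 4200, "support_threads": 12, "support_threads_resolved": 1},
    {"slug": "example-forms", "last_updated": "2017-01-20 9:05am GMT",
     "downloaded": 850000, "support_threads": 30, "support_threads_resolved": 27},
    {"slug": "example-seo", "last_updated": "2016-12-02 11:30am GMT",
     "downloaded": 60000, "support_threads": 0, "support_threads_resolved": 0},
]

def audit(plugins, now):
    """Map each plugin slug to its warnings, keeping only flagged plugins."""
    report = {p["slug"]: vet_plugin(p, now) for p in plugins}
    return {slug: found for slug, found in report.items() if found}

if __name__ == "__main__":
    fixed_now = datetime(2017, 2, 1, tzinfo=timezone.utc)  # constructed "today"
    for slug, found in audit(SAMPLE_PLUGINS, fixed_now).items():
        print(f"{slug}: " + "; ".join(found))
```

A flagged plugin is a prompt to look closer, not proof of a vulnerability; an unflagged one still needs its updates applied.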

Use clean themes

Related to this are the themes that come with lots of features baked in. We always encourage people to choose themes that look and work great but have zero functionality built-in. All of your functionality should come via plugins, so that it’s easier for you to keep an eye on what you have, update them on a regular basis, etc.

Case in point, a few years ago a major security hole was found in the popular Revolution Slider plugin. Those who had installed it as a separate plugin were able to update it and stay secure. However, it was also bundled into themes as a built-in “feature”, and that caused hundreds of thousands of sites to get hacked, because the site owners weren’t aware the vulnerable code was on their site.

Keep everything updated

This should be obvious by now, but keep your plugins (and WordPress itself) updated. Do it carefully, as things can sometimes go wrong, but if you use a clean theme and use quality plugins, the odds of a problem occurring are low.

Keep it backed up

Of course, having “low” odds of a problem occurring doesn’t mean you’ll always be fine. Further, even if you follow every security practice perfectly, there is always an off-chance that you’ll be hacked. In either case, having a solid (recent!) backup of your site can be a life-saver. Your web host likely has one and can help you in case of emergency, but having a second copy is always something you should be doing.

We talked last year about the tools we use to help keep sites updated, backed up and secure. Check out that article to learn how to do it yourself, or hire someone (like us or many others) to do it for you.

How else can I get hacked?

If plugins account for 55% of hacks, that leaves a lot of other causes out there as well. The full post on Wordfence offers tips for keeping your site protected against other attacks and is well worth reading.

If you need further help getting things squared away, please reach out to us and we’ll be happy to help.

Mickey Mellen

Co-Founder and Technical Director