Are your WordPress Plugins Safe?


WordPress continues to be one of the best platforms for web design today. It is popular because of the versatility it offers users. It is an open-source product that offers a low-code solution for many businesses to build custom websites. However, because it is open source, it is also one of the hottest targets for hackers. One of the places where a WordPress website is most vulnerable is the plugins used to add functionality to it.

“WordPress was the most commonly-hacked CMS (content management system) in 2021, according to Sucuri’s annual hacked website report. Over 95.6% of infections detected by Sucuri were on websites running WordPress.” This is most likely because WordPress is the most popular CMS.

What is a WordPress Plugin?

A plugin is a piece of software that “plugs into” your WordPress site and alters or enhances the functionality of your website. In May 2004, WordPress implemented changes to its system to allow its users to write self-made plugins. A plugin's functionality can range from a minor tweak to a specific area of a website to something as significant as a complete website makeover. Plugins offer experienced and non-experienced website builders an easy path to creating a website. The plugins you use on your website should be safe, but there are some crucial safety and security facts you need to know about choosing the correct ones.

About the WordPress Plugin directory

WordPress’s plugin directory, also known as WordPress Plugin Repository or repo, is the largest directory of WordPress plugins. This directory currently houses more than 58,000 free and freemium plugins.

Why are there so many plugins? Developers can create and upload their own plugins at their leisure. Plugin development often stems from a demand for a specific feature or from a wish to make the WordPress community’s development processes run smoother.

How the WordPress Plugin directory is maintained

Here’s how the WordPress directory is maintained. It’s barely maintained! When a plugin is developed, it must meet some basic guidelines, but each plugin’s developers are responsible for keeping their plugins current and properly maintained. However, if a plugin has severe security issues or goes outside the directory guidelines, WordPress will take action and remove it from the directory. These removals are often temporary to allow the developers to fix the flagged security issues. However, in an in-between phase, a risky plugin may still exist within the directory.

Example screencap of a plugin that was removed from the WordPress directory pending a security review.

How can I tell if my WordPress plugins are safe?

Just because plugins are available through WordPress’s official directory does not mean they are immune to issues. Because of this, you should be aware of various risk signs so that you can skip downloading a shady or compromised plugin or take appropriate steps with your currently installed plugins. An example of a deceptive plugin update practice is when an author makes a “tested up to” update without actually testing. Often, they just make a note in the log to keep their plugin from being flagged.


How to avoid security risks from WordPress plugins

  • Use as few as possible
  • Rating/Reputation
  • Always choose a paid option when available
  • Support area activity
  • Check when it was last updated
  • Update as frequently as possible
  • Remove and replace abandoned plugins
  • Monitor with a security plugin like Wordfence, Sucuri, etc.
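
Several items on this checklist can be checked mechanically. The following Python script is an added example, not part of the original article or any WordPress tooling: it applies the last-updated, rating, support-activity, pending-update and removed-from-directory checks to plugin records. The record fields, plugin slugs and thresholds are assumptions made for illustration.

```python
from datetime import date

# Thresholds are assumptions for this example, not values from the article.
MAX_DAYS_SINCE_UPDATE = 365   # older than this counts as possibly abandoned
MIN_RATING = 70               # rating on a 0-100 scale
MIN_SUPPORT_RESOLVED = 0.5    # share of support threads marked resolved

def risk_signs(plugin, today):
    """Return the checklist warnings raised by one plugin record."""
    if plugin.get("closed"):
        # Removed from the directory, e.g. pending a security review.
        return ["closed in directory: remove or replace"]
    signs = []
    age = (today - date.fromisoformat(plugin["last_updated"])).days
    if age > MAX_DAYS_SINCE_UPDATE:
        signs.append(f"no update for {age} days: possibly abandoned")
    if plugin["rating"] < MIN_RATING:
        signs.append(f"low rating ({plugin['rating']}/100)")
    threads = plugin["support_threads"]
    if threads and plugin["support_threads_resolved"] / threads < MIN_SUPPORT_RESOLVED:
        signs.append("most support threads unresolved")
    if plugin["installed_version"] != plugin["latest_version"]:
        signs.append("update available: " + plugin["latest_version"])
    return signs

def audit(plugins, today):
    """Map slug -> warnings, keeping only plugins with at least one warning."""
    report = {p["slug"]: risk_signs(p, today) for p in plugins}
    return {slug: signs for slug, signs in report.items() if signs}

# Constructed sample records (hypothetical slugs and values).
TODAY = date(2023, 1, 30)
SAMPLE = [
    {"slug": "example-forms", "last_updated": "2023-01-10", "rating": 94,
     "support_threads": 20, "support_threads_resolved": 17,
     "installed_version": "2.4.1", "latest_version": "2.4.1"},
    {"slug": "example-gallery", "last_updated": "2020-06-01", "rating": 62,
     "support_threads": 12, "support_threads_resolved": 2,
     "installed_version": "1.0.3", "latest_version": "1.0.3"},
    {"slug": "example-seo", "last_updated": "2023-01-20", "rating": 88,
     "support_threads": 0, "support_threads_resolved": 0,
     "installed_version": "5.1.0", "latest_version": "5.2.0"},
    {"slug": "example-slider", "closed": True},
]

if __name__ == "__main__":
    for slug, signs in audit(SAMPLE, TODAY).items():
        print(slug)
        for sign in signs:
            print("  -", sign)
```

A recent "last updated" date is only one signal: as noted above, an author can bump the “tested up to” note without testing, so the script does not treat that field as evidence of maintenance.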


Hosting your WordPress website with IGV will give you peace of mind that your plugins are handled with the utmost security. We will run a fine-tooth comb through your website and ensure that your plugins are all current and risk-free. Should you choose our Platinum Maintenance plan, we will replace your outdated plugins free of charge!
Contact us for more details!


Ryan Lovejoy
January 30, 2023

© 2024 Innovative Global Vision, Inc. All rights reserved