25 Oct 2023
When adding plugins, you may sometimes see a notification stating that the plugin hasn’t been updated for more than 2 years.
Does this necessarily mean that the plugin is insecure?
Some plugins have simple functions with only a few lines of code that don’t need to be updated.
Updating a plugin is only necessary when it contains vulnerabilities that can be exploited by hackers.
How to determine if a plugin is still secure
One way to find out if a plugin is vulnerable is through www.wpvulndb.com.
At the time of writing, this website has registered over 8000 vulnerabilities in plugins and themes.
Use the search bar to check your plugin.
If you are a programmer, you can also perform a check using WPscan.
This is a bit more complicated and requires knowledge of various software and operating systems.
Another method to check is by entering the plugin name in Google’s search engine.
Google the name of the plugin + hack, hacked, malware, injection. Do this primarily in English as you’ll have the greatest chance of getting results.
What to do if a plugin is outdated or vulnerable?
WordPress currently has more than 51,000+ plugins.
There is a good chance that you can easily find an alternative plugin that can fulfill the same role.
Above all, do not take any risks if the plugin is on the list of www.wpvulndb.com.
Automated scripts test thousands of websites daily for vulnerable plugins.
These scripts quickly find your website via Google and inject advertising or malware into your website.
