That plugins are vulnerabilities for hackers, we have known for a long time. Right? And that plugins are constantly being hacked is well-known among WordPress users.
No?
Then, this is a wake-up call…
5 Popular Plugins Often Hacked
- WP Super Cache
Hacked 10 times in 2 years!
- All in one SEO pack
Hacked 5 times in 2 years.
- BB-press
Hacked every year: 2014, 2015, 2016.
- WooCommerce
The list is too long to put down, hacked 21 times in a few years.
- Nextgen Gallery
Who hasn’t used it for photo albums?
- Bonus: Jetpack
Used by millions of websites but often found vulnerable!
And the list of hacked plugins goes on…
There are many plugins that have been hacked, see WPvulndb.com.
Both unknown and the most popular plugins fall victim. Hackers target popular plugins because they know that way they can affect many websites.
Note: Hackers write a script that automatically scans websites on the internet for vulnerable plugins. This happens with hundreds of websites per hour; the hacker is, of course, not manually hacking each website.
What Does This Mean for My WordPress Website?
Use as few plugins as possible and don’t leave them deactivated on the server!
Keep the plugins up-to-date or ensure good security.
Have a backup! This way, you can restore the website to a point before the hackers got in and then update or remove the plugins.
Have You Been Hacked?
If your WordPress website has been hacked, you will need to thoroughly examine WordPress and all files on the server to remove the backdoors and scripts. Then, you’ll need to work hard to secure the website.
Alternatively, you can leave it to us:
Let us restore your hacked WordPress website.