
Outdated Plugins Responsible for 25% of WordPress Hacks


Sucuri recently released their 2016 Q1 Security Report and one of the highlights was the revelation that just three plugins are responsible for a whopping 25% of all WordPress hacks. If you didn’t already understand the importance of keeping your plugins updated, this should convince you.

The three popular plugins in question are RevSlider (40%), GravityForms (36%) and TimThumb Script (24%), so if you’re running any of these it’s absolutely imperative that you update whenever a new release rolls around. RevSlider alone was responsible for more than 100,000 sites being hacked in a single month (December 2014). Sucuri have suggested the reason for this figure is that RevSlider is embedded in so many themes that users may not even realise they have it.

So what causes the other 75% of hacks? According to Sucuri, these can be traced to WordPress’ external components, like plugins and themes, rather than WordPress itself. A decent chunk of the 75% is likely to come from other outdated software.

WordPress has been taking security even more seriously in recent releases, with auto-updates now available (if you’re not sure where to start with auto-updates, here’s a helpful guide from SiteGround) and both plugin and theme developers taking steps to ensure their software doesn’t leave users open to attack.

To hear more about how the team can help you out with managed services and maintenance plans, drop us an email and we can provide tailored information for your business.