WordPress Plugin Vulnerabilities List: What To Look For

Did you know that more than 73% of WordPress websites are vulnerable to data thieves, hackers and malware attacks? You would want to believe it's the huge sites with a large membership and commerce shopping sites, but in reality, small sites and even some simple portfolio sites are becoming susceptible to attacks. Active sites, even those with little traffic, can be used to send worms and Trojans via visitors who have a large social network. These users send data frequently via email or through Facebook and Twitter, which gives the virus or malware a chance to spread to other computers on the web with just one click. This WordPress plugin vulnerabilities list will give you an idea of what to look for in ensuring your site is safe.

Plugins are snippets of code (often PHP, CSS, JavaScript or Ajax) that help transform WordPress into a fully functioning website instead of just a basic blog. They can be anything from contact forms to shopping carts to adding a more complex slideshow, or even turning the site into a membership site. You can connect your social sites and push your posts to your scores of followers as soon as you publish them. This is also an effective way to spread an attack. Your viewers will click on an infected link which can take them to a site that steals their information, or to a site that infects their computer if they download anything. Your reputation is damaged because you unknowingly sent attacks to your friends or colleagues.

What Should You Look Out For?

The safest place to download plugins is through wordpress.org or buying them through sites like CodeCanyon. Third-party plugins have a greater risk of containing code that is vulnerable to being rewritten. When you find one, here is what you should look for before downloading:

Completion Date

This can help determine a number of things, but most importantly, it lets you know how recently the plugin was created and whether it is compatible with the latest version of WordPress.

User Ratings

These are done by users like you and WordPress.org. User ratings are your best bet in determining if a plugin is safe. They also give you a good idea about the quality of the file.

Comments

Comments are a great tool for determining if a plugin is safe when you buy it from a site like CodeCanyon. You can also check them to see how responsive the author is with replies, whether they post updates or complete overhauls, and whether they can keep up with maintenance.

Author Resource Box

On wordpress.org or sites like CodeCanyon, an author will post a description of the file. They will also post updates, links to new versions, links to their personal websites, or contact information. If contact information is visible, sending them a short email is a great way to tell how well they respond to update requests.

There are sites you can use to perform a safety audit on your site to make sure it's safe. You can also download the plugin as a zip file to your hard drive and perform a virus scan with the plugin still zipped. If you are unsure whether it's safe, do not unzip it!
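The zip-before-unzip check above can be taken one step further by reading the archive's own metadata without extracting it. The following is an added example, not code from the original post: a Python script that opens a plugin zip in memory, reads the header fields WordPress uses from the main plugin file and readme.txt (Plugin Name, Version, Requires at least, Tested up to), and flags entries that would land outside the plugin directory on extraction or that carry file types a plugin has no reason to ship. The sample archive, the plugin name and the list of flagged extensions are constructed for this example; the "Tested up to" comparison assumes the WordPress convention that only major.minor matters.

```python
import io
import re
import zipfile

# Header fields WordPress reads from the main plugin file and from readme.txt.
PLUGIN_HEADER_FIELDS = ("Plugin Name", "Version", "Requires at least", "Requires PHP")
README_HEADER_FIELDS = ("Tested up to", "Stable tag", "Requires at least")

# File types and directories a plugin archive should not contain.
# This list is an assumption for the example, not a WordPress rule.
SUSPICIOUS_NAMES = re.compile(r"\.(phar|exe|dll|sh|bat)$|(^|/)\.(git|svn)/", re.IGNORECASE)


def parse_header(text, fields):
    """Pull 'Field: value' lines out of a plugin or readme header block."""
    found = {}
    for field in fields:
        pattern = r"^\s*\*?\s*" + re.escape(field) + r":\s*(.+?)\s*$"
        m = re.search(pattern, text, re.MULTILINE | re.IGNORECASE)
        if m:
            found[field] = m.group(1)
    return found


def inspect_plugin_zip(data):
    """Inspect a plugin zip held in memory without extracting anything.

    Returns a dict with the plugin header, the readme header and a list of
    problems: entries that would escape the target directory on extraction
    (".." path components or absolute paths) and unexpected file types.
    """
    problems = []
    headers = {}
    readme = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if name.startswith("/") or ".." in name.split("/"):
                problems.append(f"unsafe path: {name}")
            if SUSPICIOUS_NAMES.search(name):
                problems.append(f"unexpected file type: {name}")
            if info.is_dir():
                continue
            lower = name.lower()
            # Only the first PHP file carrying a Plugin Name header is the main file.
            if lower.endswith(".php") and not headers:
                text = zf.read(info).decode("utf-8", errors="replace")[:8192]
                found = parse_header(text, PLUGIN_HEADER_FIELDS)
                if "Plugin Name" in found:
                    headers = found
            elif lower.endswith("readme.txt"):
                text = zf.read(info).decode("utf-8", errors="replace")[:8192]
                readme = parse_header(text, README_HEADER_FIELDS)
    return {"plugin": headers, "readme": readme, "problems": problems}


def version_key(version):
    """Reduce a version string to its (major, minor) tuple."""
    return tuple(int(p) for p in re.findall(r"\d+", version)[:2])


def is_tested_for(report, current_wp):
    """True if readme declares 'Tested up to' at or above the current major.minor."""
    tested = report["readme"].get("Tested up to")
    if not tested:
        return False
    return version_key(tested) >= version_key(current_wp)


def build_sample_zip():
    """Constructed sample archive for the example; not a real plugin."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(
            "example-plugin/example-plugin.php",
            "<?php\n/*\nPlugin Name: Example Plugin\nVersion: 1.2.0\n"
            "Requires at least: 6.0\nRequires PHP: 7.4\n*/\n",
        )
        zf.writestr(
            "example-plugin/readme.txt",
            "=== Example Plugin ===\nRequires at least: 6.0\nTested up to: 6.4\nStable tag: 1.2.0\n",
        )
        # Two entries a careful reviewer would want flagged:
        zf.writestr("example-plugin/../wp-config.php", "<?php // would land outside the plugin dir\n")
        zf.writestr("example-plugin/vendor/tool.exe", b"MZ...")
    return buf.getvalue()


if __name__ == "__main__":
    report = inspect_plugin_zip(build_sample_zip())
    print("plugin header:", report["plugin"])
    print("readme header:", report["readme"])
    print("tested for WordPress 6.5:", is_tested_for(report, "6.5"))
    for problem in report["problems"]:
        print("PROBLEM:", problem)
```

Run it against a real download by replacing `build_sample_zip()` with the bytes of the file you saved; any "unsafe path" line is a reason not to unzip at all, and a missing or old "Tested up to" value is the compatibility signal the Completion Date section above is asking you to check.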

There is no real way to make your WordPress website 100% foolproof against hackers and data thieves. There will always be someone a few steps ahead who knows enough code to write new scripts. By knowing what to look out for, you can help protect your site against hacks that can destroy your hard work, steal your customers' information, or damage your reputation by spreading viruses.
