



📢 Today I want to give a shout-out to all WordPress website owners! 📢
🚨Plugins were responsible for 97% of all new security vulnerabilities.
🚨Themes accounted for 3%.
🚨Only 0.2% were found in WordPress core itself.
WordPress is quite secure, and most popular, well-maintained themes are too. The worst offenders are plugins.
1. Most websites are not regularly maintained, and outdated plugins can be easily exploited.
2. Some site owners simply install a plugin from the repo and never notice that it may have been abandoned long ago, so it has exploits that were never patched.
3. Some are pro plugins that were never renewed for a 2nd year, so when there's a new patch, they cannot be updated.
4. Nulled / pirated copies of plugins, either downloaded from unknown sources or purchased very cheaply from online shopping platforms. These are usually the main problem.
Open source is a gray area, so sometimes a developer or agency just installs those nulled plugins. As a result the plugin is not properly maintained: when there's a new patch or update, it does not auto-update, or the owner even has to pay again to get updates.
Some are worse: copies downloaded from unknown sources may contain a backdoor, an exploit, or a time bomb. I recently heard that one developer put a script inside a plugin that deletes your database data if it detects a nulled or non-legitimate copy.
My recommendation:
1. Always keep your WordPress website properly secured, backed up, and updated.
2. Always check that each plugin's last-updated date is within the past 3 months, and check the plugin's website to see whether it is still active.
3. Always purchase themes or plugins from the original developer's website.
4. Always renew your subscriptions on time.
https://patchstack.com/whitepaper/state-of-wordpress-security-in-2024/
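
One way to turn the four causes and the recommendations above into a repeatable check, as an added example that is not part of the original post: a small Python audit over a plugin inventory. The inventory records, slugs, field names and finding labels are constructed for illustration, and "within 3 months" is assumed to mean 90 days.

```python
from datetime import date, timedelta

STALE_AFTER = timedelta(days=90)  # assumption: "within 3 months" taken as 90 days

# Constructed inventory (hypothetical slugs, versions and dates).
# latest / last_updated are None when the plugin is not in the official directory;
# license_active is True/False for paid plugins, None when no licence record exists.
INVENTORY = [
    {"slug": "example-forms", "installed": "2.4.1", "latest": "2.4.1",
     "last_updated": "2024-05-20", "license_active": None},
    {"slug": "example-slider", "installed": "1.0.3", "latest": "1.2.0",
     "last_updated": "2024-04-02", "license_active": None},
    {"slug": "example-gallery", "installed": "3.1", "latest": "3.1",
     "last_updated": "2021-08-11", "license_active": None},
    {"slug": "example-seo-pro", "installed": "5.0", "latest": None,
     "last_updated": None, "license_active": False},
    {"slug": "example-builder-pro", "installed": "7.2", "latest": None,
     "last_updated": None, "license_active": None},
]

def version_key(version):
    """Turn '1.10.2' into (1, 10, 2) so 1.10 sorts after 1.9."""
    return tuple(int(part) for part in version.split(".") if part.isdigit())

def audit_plugin(plugin, today):
    """Return the findings for one plugin, named after the post's four causes."""
    if plugin["latest"] is None:            # not listed in the directory
        if plugin["license_active"] is None:
            return ["unknown-source"]       # cause 4: no proof of purchase
        if not plugin["license_active"]:
            return ["license-lapsed"]       # cause 3: cannot receive patches
        return []
    findings = []
    if version_key(plugin["installed"]) < version_key(plugin["latest"]):
        findings.append("outdated")         # cause 1: update available, not applied
    if today - date.fromisoformat(plugin["last_updated"]) > STALE_AFTER:
        findings.append("possibly-abandoned")  # cause 2: no release in 3 months
    return findings

def audit_site(inventory, today):
    """Map each plugin slug to its list of findings."""
    return {p["slug"]: audit_plugin(p, today) for p in inventory}

if __name__ == "__main__":
    for slug, findings in audit_site(INVENTORY, date(2024, 6, 1)).items():
        print(f"{slug:22} {', '.join(findings) or 'ok'}")
```

A plugin flagged `unknown-source` is the case to investigate first: with no directory listing and no licence record, there is nothing to show where the copy came from.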