Top 25% of hacked WP websites use these three plugins

In the latest article from Sucuri, they released some interesting data about the hacked websites they clean: 25% of the hacked WordPress websites were using one of three outdated plugins: RevSlider, Gravity Forms, or TimThumb.

Another interesting fact: 78% of the hacked websites were WordPress. I'm confident that WordPress is as safe as any other platform; it is just very popular (about 25% of all websites, 78 million, are WordPress these days, with 50,000 new WP websites each day). Furthermore, compared with other platforms like Drupal and Magento, it is especially popular with "non-techies", which increases the risk of lazy update management.

“In all instances, regardless of platform, the leading cause of infection could be traced to the exploitation of software vulnerabilities in the platform’s extensible components, not its core”

What this means is that the plugins, not the core, are causing all the issues. And I suspect that most of these issues had already been fixed in the plugin before the site was hacked. The following quote confirms this:

“All three plugins (Gravity Forms, RevSlider and TimThumb) had a fix available for over a year, with TimThumb going back multiple years (four to be exact, circa 2011)”

This shows us once more that continuously updating your platform is one of the most powerful ways to increase security!
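A quick way to catch exactly this situation, a plugin whose fix has been available for a while but was never installed, is to ask WP-CLI which plugins have a pending update. The script below is an added example, not part of the original post or of Sucuri's report; it assumes WP-CLI is installed and that the variable WP_PATH points at the WordPress install to check, and the CSV sample in it is constructed for demonstration.

```shell
#!/bin/sh
# Added example: report WordPress plugins with a pending update, using
# "wp plugin list" from WP-CLI. Suitable for a cron job: a non-zero exit
# means at least one plugin is behind its available version.

# Turn the CSV produced by
#   wp plugin list --update=available --fields=name,version,update_version --format=csv
# into lines of "name current_version available_version".
outdated_from_csv() {
    # drop the header row; strip CR in case the CSV came through a Windows host
    printf '%s\n' "$1" | tr -d '\r' | awk -F, 'NR > 1 && NF >= 3 { print $1, $2, $3 }'
}

# Query a live site (WP-CLI's global --path selects the install).
# Returns 1 when updates are pending, 2 when WP-CLI itself failed, 0 otherwise.
check_site() {
    csv=$(wp --path="$1" plugin list --update=available \
              --fields=name,version,update_version --format=csv) || return 2
    out=$(outdated_from_csv "$csv")
    if [ -n "$out" ]; then
        printf 'Plugins with a pending update on %s:\n%s\n' "$1" "$out"
        return 1
    fi
    return 0
}

# Constructed sample of WP-CLI output, so the parsing can be tried without
# a WordPress install. Version numbers are made up.
SAMPLE_CSV='name,version,update_version
revslider,1.0.0,1.0.1
gravityforms,2.0.0,2.1.0'

# Usage: WP_PATH=/var/www/html sh check_plugins.sh
if [ -n "${WP_PATH:-}" ]; then
    check_site "$WP_PATH"
else
    outdated_from_csv "$SAMPLE_CSV"
fi
```

Run it from cron with WP_PATH set and alert on a non-zero exit; with WP_PATH unset it only parses the constructed sample.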

