Top 25% of hacked WP websites use these three plugins

In its latest article, Sucuri released some interesting data about the hacked websites it cleans. 25% of the WordPress websites that were hacked were using one of three outdated plugins: RevSlider, Gravity Forms, or TimThumb.

Another interesting fact: 78% of the hacked websites were WordPress sites. I’m confident that WordPress is as safe as any other platform, but it is just very popular (about 25% of all websites are WordPress these days: 78 million, with 50,000 new WP websites each day). Furthermore, compared with other platforms like Drupal and Magento, it is especially popular with “non-techies”, which increases the risk of lazy update management.

“In all instances, regardless of platform, the leading cause of infection could be traced to the exploitation of software vulnerabilities in the platform’s extensible components, not its core”

What this means is that plugins, rather than the core, are causing the issues. I also suspect that most of these issues had already been fixed in the plugin before the site was hacked. The following quote confirms this:

“All three plugins (Gravity forms, Revslider and TimThumb) had a fix available over a year, with TimThumb going back multiple years (four to be exact, circa 2011)”

This shows us once more that continuously updating your platform is one of the most powerful ways to increase security!

