No one wants their website hacked. New stats suggest updating WordPress plugins could be your first line of defense.
Consider this: How much time do you spend regularly updating WordPress plugins on your blog? How often do you check to see if you have plugins that need to be updated?
Chances are the answer to either question, if not both of them, is “not enough.”
BloggingWizard recently posted a list of 25 WordPress stats that I started skimming through. One of them in particular surprised me.
It states that more than half of WordPress security vulnerabilities can be traced back to plugins.
Not the WordPress installation itself. Not outdated themes.
Plugins.
It shouldn’t have surprised me, though, since the data is not exactly new.
Wordfence wrote about the problem back in 2016, reporting that 55.9% of known entry points used by hackers could be traced to plugin vulnerabilities.
The stat on BloggingWizard came from a 2018 report from KeyCDN, which cited a WPScan report that listed plugins as being responsible for 55.2% of vulnerabilities.
Do the numbers surprise you?
At this point, they shouldn’t. They shouldn’t surprise me, either.
Updating WordPress plugins should be a key security strategy.
WordPress makes it easy to check your plugins. Along the left-hand sidebar of the admin dashboard, you can see at a glance whether any plugins require your attention. Just look about halfway down the sidebar and you’ll see a link for Plugins.
If one or more plugins require action, you’ll know it immediately:

Note the little 1 in the red circle next to the plugins link? That’s an indication you should update something. When you click the word Plugins, you can scan the plugins you have on your site. Any available updates will display underneath the plugin listing.
Click Update and, within about a minute, WordPress will install the update for you.
I noticed a new option. At least, it appears to be new. Look at the far right:

I don’t know when this first appeared. I just noticed it yesterday as I spent a few moments updating my site’s WordPress plugins. That “Disable auto-updates” link always defaults to “Enable auto-updates.” For a few key plugins, I clicked that link. That toggles it to read “Disable auto-updates,” as it appears in the graphic.
So, if you’re the type who doesn’t think about updating WordPress plugins all that often, that link might be worth a click for each installed plugin. That way, you will be running the latest versions.
Since those plugin updates usually contain some security patches designed to close vulnerabilities, you should check more often.
Therefore, if you aren’t taking the time to make sure you run the latest plugin versions, give your sidebar a quick look. The time it takes you to get up and grab a cup of coffee could make your site safer.
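For anyone who would rather script the sidebar check described above, here is an added example (not from the original post) that reads a plugin list and reports which plugins have an update waiting and which are not set to auto-update. It assumes WP-CLI is installed and that `wp plugin list --format=json` returns the `name`, `status`, `update`, `version`, `update_version` and `auto_update` fields; the plugin names in the sample are made up.

```python
import json
import subprocess
import sys

FIELDS = "name,status,update,version,update_version,auto_update"

# Constructed sample of `wp plugin list --format=json` output (plugin names are made up).
SAMPLE = """[
 {"name": "contact-form-x", "status": "active", "update": "available",
  "version": "1.2.0", "update_version": "1.2.3", "auto_update": "off"},
 {"name": "seo-helper", "status": "active", "update": "none",
  "version": "4.0.1", "update_version": "", "auto_update": "on"},
 {"name": "old-gallery", "status": "inactive", "update": "available",
  "version": "0.9", "update_version": "1.0", "auto_update": "off"},
 {"name": "cache-tool", "status": "active", "update": "none",
  "version": "2.1", "update_version": "", "auto_update": "off"}
]"""


def load_plugins(wp_path=None):
    """Return the plugin list for the site at wp_path, or the sample if None."""
    if wp_path is None:
        return json.loads(SAMPLE)
    cmd = ["wp", "plugin", "list", "--format=json",
           f"--fields={FIELDS}", f"--path={wp_path}"]
    out = subprocess.run(cmd, capture_output=True, text=True, check=True)
    return json.loads(out.stdout)


def audit_plugins(plugins):
    """Split plugins into those with a pending update and those not auto-updating."""
    report = {"needs_update": [], "auto_update_off": []}
    for p in plugins:
        # Inactive plugins are included: they are updated like any other plugin.
        if p.get("update") == "available":
            report["needs_update"].append(
                (p["name"], p.get("version"), p.get("update_version")))
        if p.get("auto_update") != "on":
            report["auto_update_off"].append(p["name"])
    return report


if __name__ == "__main__":
    site = sys.argv[1] if len(sys.argv) > 1 else None
    result = audit_plugins(load_plugins(site))
    for name, old, new in result["needs_update"]:
        print(f"UPDATE  {name}: {old} -> {new}")
    for name in result["auto_update_off"]:
        print(f"MANUAL  {name}: auto-updates are off")
    # Non-zero exit lets a scheduled job raise an alert when updates are pending.
    sys.exit(1 if result["needs_update"] else 0)
```

Run it with no argument to see the sample report, or pass the path to a WordPress install to check a real site.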