On Thursday of last week, we released Wordfence 6.3.11, which included a really exciting new feature: we are now alerting you if you are running a plugin that either appears to be abandoned or has been removed from the WordPress.org plugin directory. In this post, we explain how each of these new alerts works and why they’re so important to the security of your website.

Abandoned Plugins

At Wordfence, we define a potentially abandoned plugin as one that has not been updated by its developers in at least 2 years. In May, we analyzed the plugins in the WordPress.org repo and found that almost half of them hadn’t been updated in over 2 years. Over a third of them had a compatibility tag for a WordPress version dating back to 2014 or earlier.

The alert we send tells you how long it’s been since the developer updated the plugin, as well as whether we found reference to any unpatched security issues with it and whether it has been tested with the current version of WordPress.

Why Should You Care if a Plugin Hasn’t Been Updated Recently?

If a developer hasn’t updated a plugin in two or more years, there is a really good chance that the plugin author has actually abandoned