Most Attacked WordPress Plugins in January 2017

Wordfence security report

In Wordfence’s monthly report about attacks on WordPress websites, they list the top 25 plugins that received the most focus in January 2017. In order of the number of MOST attacks received, they are:

  1. wp-ecommerce-shop-styling
  2. wp-symposium
  3. candidate-application-form
  4. google-mp3-audio-player
  5. recent-backups
  6. wptf-image-gallery
  7. db-backup
  8. really-simple-guest-post
  9. dzs-zoomsounds
  10. wp-mobile-detector
  11. jquery-html5-file-upload
  12. woocommerce-product-options
  13. s3bubble-amazon-s3-html-5-
  14. plugin-newsletter
  15. tinymce-thumbnail-gallery
  16. simple-download-button-
  17. pica-photo-gallery
  18. wp-filemanager
  19. dukapress
  20. eugeot-music-plugin
  21. acf-frontend-display
  22. levelfourstorefront
  23. formcraft
  24. malapascua-agency
  25. work-the-flow-file-upload

The report goes on to say:

The WP-Mobile-Detector plugin saw the biggest gain in the number of attacks, jumping 25 points in our rankings to position 12. The plugin has been removed from the WordPress plugin repository, probably because a vulnerability was not fixed by the author, and the last review was posted over 7 months ago.

Read the full report here.

Comments are closed.