In Wordfence’s monthly report about attacks on WordPress websites, they list the top 25 plugins that received the most focus in January 2017. In order of the number of MOST attacks received, they are:
- wp-ecommerce-shop-styling
- wp-symposium
- candidate-application-form
- google-mp3-audio-player
- recent-backups
- wptf-image-gallery
- db-backup
- really-simple-guest-post
- dzs-zoomsounds
- wp-mobile-detector
- jquery-html5-file-upload
- woocommerce-product-options
- s3bubble-amazon-s3-html-5-
video-with-adverts - plugin-newsletter
- tinymce-thumbnail-gallery
- simple-download-button-
shortcode - pica-photo-gallery
- wp-filemanager
- dukapress
- eugeot-music-plugin
- acf-frontend-display
- levelfourstorefront
- formcraft
- malapascua-agency
- work-the-flow-file-upload
The report goes on to say:
The WP-Mobile-Detector plugin saw the biggest gain in the number of attacks, jumping 25 points in our rankings to position 12. The plugin has been removed from the WordPress plugin repository, probably because a vulnerability was not fixed by the author, and the last review was posted over 7 months ago.
Read the full report here.