Why Outdated WordPress Plugins Put Your Website at Risk
Your IT Partner
Contact Help Desk 1300 131 626

The Problem With Old WordPress Plugins

Your website isn’t just a page on the internet, it’s part of your business. And just like anything valuable, it’s a target. One of the biggest risks to WordPress sites right now comes from something many people overlook: old plugins.

A Real Example of What’s Happening Right Now

Recently, hackers launched a massive attack campaign targeting WordPress sites that were running out-of-date plugins. Two very popular plugins, GutenKit and Hunk Companion, had security holes in older versions. Hackers used these gaps to break into websites.

To give you an idea of the scale:
WordPress security company Wordfence blocked 8.7 million attack attempts in just 48 hours.

That’s how aggressively attackers look for old, unpatched plugins.

Why Old Plugins Are So Dangerous

When plugins aren’t updated, they can have weaknesses that allow hackers to:

  • Break into your site
    They can install their own fake plugins, add backdoors, or upload harmful files.
  • Take control of the admin area
    Hackers can disguise malicious tools to look like normal plugins and log in as if they’re you.
  • Stay hidden for long periods
    Once inside, they plant files and folders that help them stay in control without being noticed.
  • Use your site for further attacks
    Compromised websites can be used to spread malware, send spam, or attack other sites.

Even though the security fixes for these plugins were released over a year ago, thousands of websites still haven’t updated, and remain an easy target.

How Technicalities Can Protect You

At Technicalities, we make sure your site isn’t one of the vulnerable ones. Here’s how:

Plugin Health Check

We review all plugins on your site, identify outdated or unsafe ones, and recommend safe alternatives if needed.

Security Clean-Up & Hardening

We apply updates, remove unused plugins, and make sure your site is configured securely, especially the areas attackers like to target.

Monitoring & Alerts

We keep an eye out for unusual activity, suspicious files, or attempts to install new plugins without approval.

Regular Maintenance

Your site stays updated, backed up, and protected, so you don’t need to worry about security gaps.

The Bottom Line

  • Hackers are actively targeting WordPress sites with outdated plugins.
  • Millions of attack attempts are happening in days, not months.
  • Popular plugins like GutenKit and Hunk Companion have already been used in real attacks.
  • Updating your plugins regularly is one of the simplest and most effective ways to stay secure.

At Technicalities, we help keep your website safe by maintaining it proactively, before problems arise.

Back to Articles

Other news & articles

Why Choose Technicalities as your MSP?

About Technicalities Why Choose Technicalities as Your IT Partner? Established 1998  ·  Melbourne, VIC 1998 Established in Melbourne 25+ Years serving Melbourne businesses 15+ Years — our longest-serving engineers Our Philosophy Choosing an IT partner is a bigger decision than it might first appear. You’re not just buying a service — you’re deciding who picks…
Read more

AI is Already in Your Business

Share Artificial Intelligence AI Is Already in Your Business.Time to Get Ahead of It. May 2026  ·  Technicalities The Short Version AI tools are no longer optional extras — they’re becoming part of how businesses operate. For most businesses running Microsoft 365, the question isn’t whether AI will affect your workplace, but how quickly, and…
Read more

AI Phishing attacks Microsoft

Cyber Security AI Is Now Driving 86% of Phishing Attacks — and Microsoft Is the Primary Target May 2026  ·  Technicalities 86% of phishing attacksnow AI-driven +139% increase in reverse proxyattacks stealing M365 credentials 41% of AI phishing attacksnow target Microsoft Teams Key Takeaway Phishing has moved well beyond suspicious emails with bad grammar. AI-powered…
Read more