Last week we helped restore a WordPress site that had been hacked. The WordPress version was relatively current, but one of the plugins was old, and the hacker had used a weak spot in the plugin to vandalize the site.
Most plugins are simple and don’t cause security issues. But plugins that accept data or allow file uploads are especially prone to security holes, so it’s important to keep these plugins up to date. Your WordPress dashboard shows how many plugins have updates available, beside the Plugins menu option.
As always, perform a full backup of your site and your data before upgrading. Poorly supported plugins are notorious for generating output that can break your template and crash your site. These problems are usually easy to fix, but it’s still good to have a backup on hand.