While WordPress is quickly becoming a CMS of choice for many developers, and theme resellers, it is critical that developers and end users alike understand that plugins which can help a WordPress site use these modules to set up website email forms, adjust better SEO performance, design clever menus and slide shows, etc.
Plug ins are designed by other people, who may or may not maintain security and interoperability changes to work with each update to the WordPress platform. Any WordPress developer should always choose reputable plugin authors.
A recent plugin for WordPress installed inside 1000’s of WordPress websites, was hiding a vulnerability that brought down all of these websites. It was a plug-in to allow picture linking to Flickr accounts. These details are here.
This is just a note explaining that all WordPress web sites need to be audited and each and every plugin needs to have an author that keeps in touch with their users. Additionally staying in touch with local WordPress developers and meetup.com events can help everyone understand these problems and ways to prevent future attacks on existing WordPress websites.