It is important to keep your WordPress and plugins up to date. Most successful WP hacks are due to out-of-date WP core or plugins.
Many websites had a bad day in December and got blacklisted from Google. This was due to the “SoakSoak” vulnerability that affected a lot of plugins.
We don’t use any of these plugins here at Quadshot, but many people do. According a ZDNet article Dec 16, 2014
“…serious security holes in WordPress plugins WPTouch (5,670,626 downloads), Disqus (1,400,003 downloads), All In One SEO Pack (19,152,355 downloads), and MailPoet Newsletters (1,894,474 downloads).”
Links: Article from ZDNet
Plugin links. If you use these, update them! (Note: we do not endorse any of these plugins, providing links for convenience.)
We’ll be writing a lot more about Security and Best Practices this year.