A lot of WordPress users seem to misinterpret the “This Plugin hasn’t been updated in 2 years” warning as a security issue. For some reason they assume that since a plugin hasn’t been updated in 2 years or more, it must be vulnerable to some security exploit.
This isn’t necessarily true. Obviously it could be. Anything is possible. But a freshly updated or brand new plugin could be just as vulnerable. Just because it’s new or just updated doesn’t necessarily make it secure. Maybe it is, and maybe it isn’t.
What it should imply is more like this: 2 years or more have gone by since the developer updated it, so maybe they gave up or abandoned it.
When you get up into 3-5 years since it was last updated, there is a good chance the developer stopped updating it forever. Not always, but the more time since the last update, the more likely this is the case.
Unfortunately, there isn’t a good system in WordPress for letting you know that a plugin hasn’t been updated in a long time. You have to either go to the plugin page in the WordPress repository or check your plugins in the WordPress admin dashboard (Plugins -> More Info …).
I am not concerned so much with the amount of time and security issues. I am more concerned with whether they happened to abandon the plugin entirely.
It kind of bums me out when a developer gives up, calls it quits, and stops updating. Not that I blame them. It is a ton of work updating a plugin on a regular basis just so everyone in the entire world can use it for free.
Unless the developer has a free limited version and a more full-featured paid premium version, I definitely don’t see how someone wants to keep developing and updating for the heck of it.
I don’t have time to update a plugin, or theme for that matter, for free. I know WordPress prides itself on all the free plugins and themes, which is great for them. Not so great for the developer.
I have a few plugins I submitted to WordPress that are in the repository available for free download. However, I don’t have a clue how long I will be able to keep developing and updating them. Especially since I don’t have paid premium versions available.
Mine were created more for fun and to see if I could actually get a plugin in the WordPress repository. I have read articles where people said they couldn’t get their plugin into the repository no matter what they did.
I wanted to see how difficult it was and how the process of submitting one worked overall. All three of my plugins were accepted the first time I submitted. Each was accepted within 24 hours or less, too.
So, I kind of get the impression that a lot of people do not read all the details and instructions for submitting a plugin or theme. If they would take the time to read these maybe they would get theirs accepted in a timely manner.
It could be a lot of different reasons actually though. Maybe it just didn’t meet quality expectations or something along those lines.
Maybe there was a security issue identified, although I kind of doubt it.
At any rate, don’t assume a plugin is susceptible to a security exploit or issue just because it hasn’t been updated in 2 or more years.