WordPress Plugin Graveyard: Abandoned Plugins Still Running on Millions of Sites

Q: How do I know if a WordPress plugin is abandoned?

Check the 'Last Updated' date on the plugin's WordPress.org page. If it hasn't been updated in over 2 years, it's likely abandoned. Other signs include: unresolved support threads, no response from the developer, and a 'Tested up to' version that's several major releases behind the current WordPress version. Our Plugin Graveyard database tracks all plugins with 10,000+ installs that meet these criteria.

An estimated 59% of WordPress plugins are abandoned — no longer receiving security patches, compatibility updates, or support. Research by Patchstack found that nearly 1,000 plugins were closed from the WordPress.org repository in a single month, affecting 7.1 million active installations. Many of these outdated WordPress plugins contain known vulnerabilities that attackers actively exploit.

This database tracks abandoned WordPress plugins with 10,000+ active installs that haven't been updated in over 2 years. Search for plugins you use, check their status, and find actively maintained alternatives.

Data source: WordPress.org Plugin API Last refreshed: -- Criteria: 10K+ installs, 2+ years stale

Frequently Asked Questions

Is it safe to use outdated WordPress plugins?

No. Outdated WordPress plugins that haven't been updated in 2+ years pose significant security risks. They may contain unpatched vulnerabilities, break compatibility with newer PHP and WordPress versions, and conflict with other plugins. In October 2025 alone, Patchstack reported nearly 1,000 plugins were closed from the WordPress repository due to security issues, affecting 7.1 million active installations.

How do I know if a WordPress plugin is abandoned?

Check the "Last Updated" date on the plugin's WordPress.org page. If it hasn't been updated in over 2 years, it's likely abandoned. Other signs include: unresolved support threads, no response from the developer, and a "Tested up to" version that's several major releases behind the current WordPress version. Our Plugin Graveyard database tracks all plugins with 10,000+ active installs that meet these criteria.

What happens if a plugin is removed from WordPress.org?

When a plugin is removed (closed) from the WordPress.org repository, it can no longer be downloaded or receive updates. However, sites that already have the plugin installed will continue running it — with no security patches. This is extremely dangerous. You should immediately find an alternative and remove the closed plugin.

How many WordPress plugins are abandoned?

Research suggests approximately 59% of all WordPress plugins are abandoned or no longer actively maintained. Our database currently tracks abandoned plugins that have 10,000 or more active installs, collectively running on millions of WordPress sites. The actual number of abandoned plugins (including those with fewer installs) is in the tens of thousands.

What should I do if I'm using an abandoned plugin?

First, check if the plugin performs a critical function on your site. Then search for an actively maintained alternative that provides the same functionality. Before removing the old plugin, install and configure the replacement, verify it works correctly, then deactivate and delete the abandoned plugin. Always back up your site before making changes.

The WordPress Plugin Graveyard

Abandoned Plugins

We update our plugins. Here's the proof.