While researching statistics on WordPress plugins, I found an intriguing fact. Over 34,000 plugins (approximately 59%) in the WordPress.org repository have not been updated in more than 2 years.
Here’s a breakdown of these plugins based on their active installations:
Fewer than 100 installs → 26,940 plugins (about 79%)
100 to 999 installs → 5,601 plugins (approximately 16.4%)
1,000 to 9,999 installs → 1,333 plugins (around 3.9%)
10,000 to 99,999 installs → 222 plugins (0.65%)
100,000 or more installs → 10 plugins (0.03%)
It appears that many of these neglected plugins didn’t gain traction, with close to 80% having under 100 installations.
I’m curious about your thoughts: Should we consider plugins that haven’t been updated for 2 years as abandoned, or do you think they might still be functioning well despite the lack of updates?
Two years without updates is a huge red flag, but I wouldn’t write them off completely without looking at the context. Some plugins are just done - they handle simple tasks and don’t need constant tweaking. But here’s the thing: I’ve watched working plugins die overnight when WordPress updates. No active dev means you’re screwed when compatibility breaks. The real question isn’t whether it works now, but will it work after the next major WordPress release? What I actually look for is whether the dev’s still around. Are they answering support questions? Any recent commits? That’s way different than total silence. If it touches user data, payments, or anything security-related though? Two years old = abandoned in my book. Why risk it when there are actively maintained alternatives?
Those stats show something crucial about plugin maintenance. I manage several WordPress sites professionally, and I’ve noticed the two-year mark is when major compatibility problems start hitting. WordPress core keeps evolving alongside PHP versions and security standards. A plugin that ran perfectly in 2022 might create vulnerabilities or conflicts today, even if it looks fine on the surface. I’ve seen plugins that seemed stable cause memory leaks or tank database performance, but only on certain server setups. What worries me most about those 34,000 plugins isn’t just missing updates—it’s missing security patches. Even basic plugins can become attack vectors when they’re running outdated code libraries or deprecated functions. Some high-install plugins falling into this category means users are taking huge risks without knowing it. Instead of just calling them abandoned, WordPress needs a better warning system showing last update dates and compatibility risks. Let users decide based on their specific needs and how much risk they’re willing to take.
Those stats are wild but not surprising. I’ve inherited tons of WordPress sites at work and dealt with this exact mess.
Look, a 2-year-old plugin isn’t automatically broken, but it’s a ticking time bomb. WordPress updates constantly, PHP versions change, security holes get found. An unmaintained plugin will cause problems eventually.
Learned this the hard way when a client’s site crashed because their old contact form plugin had a security hole. Cost them real money in downtime.
Now I automate everything. Set up workflows that monitor plugin health, check for updates, and migrate away from abandoned plugins before they break. This has saved me hundreds of hours.
Instead of playing whack-a-mole with outdated plugins, build automated systems for monitoring and replacement. Way more reliable than hoping someone maintains their free plugin forever.
Check out Latenode for these monitoring and maintenance workflows: https://latenode.com
honestly depends what the plugin does. i’ve got simple ones runnin for years without probs - they just work. but anything handlin forms or user accounts? two years is way too risky. a gallery plugin broke my site last month cause it used deprecated jQuery methods.
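The triage the replies above describe (two years without an update as the cutoff, stricter handling for plugins that touch forms, accounts or payments), as an added example that is not part of any post in this thread. The `slug`, `last_updated` and `active_installs` field names and the date format are assumed to match the WordPress.org plugin-info response; the records, the `SENSITIVE` set and the `audit` helper are constructed for illustration.

```python
from datetime import datetime, timezone

STALE_AFTER_DAYS = 2 * 365  # the thread's two-year threshold

# Install buckets from the original post's breakdown: (lower bound, label).
BUCKETS = [(100_000, "100,000 or more"), (10_000, "10,000 to 99,999"),
           (1_000, "1,000 to 9,999"), (100, "100 to 999"), (0, "Fewer than 100")]

def parse_last_updated(value):
    """Parse the date part of 'YYYY-MM-DD h:mmam GMT' (assumed format) as UTC."""
    day = value.split()[0]
    return datetime.strptime(day, "%Y-%m-%d").replace(tzinfo=timezone.utc)

def install_bucket(active_installs):
    """Map an install count onto the original post's buckets."""
    for floor, label in BUCKETS:
        if active_installs >= floor:
            return label

def audit(plugins, sensitive_slugs, now):
    """Return plugins not updated for over two years, most urgent first."""
    findings = []
    for p in plugins:
        age_days = (now - parse_last_updated(p["last_updated"])).days
        if age_days <= STALE_AFTER_DAYS:
            continue
        # Stale plugins handling user data, payments or auth get replaced;
        # other stale plugins get a manual review (dev activity, support replies).
        sensitive = p["slug"] in sensitive_slugs
        findings.append({"slug": p["slug"], "age_days": age_days,
                         "bucket": install_bucket(p["active_installs"]),
                         "action": "replace" if sensitive else "review"})
    findings.sort(key=lambda f: (f["action"] != "replace", -f["age_days"]))
    return findings

# Constructed sample records, not real plugins.
SAMPLE = [
    {"slug": "example-contact-form", "last_updated": "2021-03-02 9:14pm GMT",
     "active_installs": 20000},
    {"slug": "example-gallery", "last_updated": "2020-06-15 11:05am GMT",
     "active_installs": 400},
    {"slug": "example-seo", "last_updated": "2024-11-20 8:00am GMT",
     "active_installs": 500000},
]
SENSITIVE = {"example-contact-form"}  # maintained by the site owner (assumption)
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)  # fixed for reproducible output

if __name__ == "__main__":
    for f in audit(SAMPLE, SENSITIVE, NOW):
        print(f"{f['action']:8} {f['slug']:22} {f['age_days']} days  [{f['bucket']}]")
```
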