First launched in 2003, WordPress happens to be one of the oldest platforms out there, which is even older than Youtube, Facebook, and Twitter.
Throughout its nearly 2 decades of existence, WordPress has constantly gained impressive achievements, including powering 37.8% of the internet and over 75 million sites on the web. On top of that, WordPress also takes the lead on the diversity of plugins and numbers of plugin downloads.
In this post, we will give you a short history of WordPress plugins, how they work as well as highlighting the juiciest WordPress plugin statistics for 2021. We also dig deeper into the top popular WordPress plugins of all time, along with the top 3 with the most vulnerabilities.
Last but not least, an introduction about a useless but iconic WordPress plugin will wrap up this post. The data we’re going to present has been carefully sifted through various sources. Plus, we’ve put great efforts into updating and organizing the most recent information.
At the end of this article, you’ll get insight into:
- Everything You Need to Know about WordPress Plugins
- Juiciest WordPress Plugin Statistics 2021
- The Most Popular and Best Plugins of All Time
- Top 3 WordPress Plugins with Most Vulnerabilities
- Bonus: a Useless but Iconic WordPress Plugin
Everything You Need to Know about WordPress Plugins
A WordPress plugin, in a nutshell, refers to an add-on “plugged in” to your WordPress site to either add new features or extend existing functionalities. It allows users to upgrade and expand the function of your WordPress site without touching a bit of code.
WordPress plugins undoubtedly are one of the most celebrated tech trends in the WordPress community. They are exceptionally versatile, from adding a small tweak or bringing dramatic changes to your site. Think of anything you need for your site and WordPress plugins will meet them all.
For example, you can:
- Customize the look of your website
- Boost your site performance
- Optimize your images
- Turn your site into an online store
- Create contact forms
- Enhance SEO
- Add a Learning Management System to your site, and tons more.
History of WordPress Plugins
WordPress plugins were first brought to life on May 22, 2004, with the third release of WordPress version 1.2 named Mingus. Before the release, users had to use their “hacks” to extend or add new features to WordPress. These hacks were a set of files, including instructions on what core needed to edit and where to insert code.
In fact, building a plugin system was the idea of a WordPress contributor Ryan Boren. Developers could make use of the hooks and filters in the WordPress core to “hook into” the site and run their custom codes. This system provided two significant benefits:
- Developers were free from editing WordPress core files. This allowed having WordPress updated without losing customizations.
- It saved non-tech-savvy users' effort from editing files, copying or pasting code. Everything would be more convenient by just activating or deactivating a plugin.
How do Plugins Work?
“Not to touch the WordPress core” is always a cardinal rule of WordPress development. This is because WordPress overwrites their core files with each update. As a result, any process of adding or extending its functionality must be done using plugins, rather than modifying the core files.
Plugins use a set of filters and hooks offered by the WordPress API to hook into the source code and integrate their functions. Each time you log in, WordPress connects to the database, then respectively loads the core files and active plugins. Any plugin installed is stored on your WordPress database, therefore, you can activate or deactivate them as you wish.
Where to Find Your WordPress Plugins
There are several places to look for plugins, depending on whether you want free or premium ones.
The best place to search for your free plugins is at the WordPress plugin directory of wordpress.org. This massive plugin repository also includes customer ratings and reviews, along with the number of active installations for each plugin.
As wordpress.org mainly offers free plugins, there are some kinds of premium ones you can’t find here. For premium ones, we suggest you visit CodeCanyon and WPMU DEV.
CodeCanyon proves one of the largest repositories of premium WordPress plugins, containing up to 7,200 available plugins in its stock. All detailed information about plugins, as well as user reviews and ratings are also provided.
Another abundant source of quality WordPress plugins is WPMU DEV. It offers a wide range of plugins, from ad managers, redirect, analytics to security, design, social media integration, and so on. Its unique style in offering products sets this site apart from most directories. After paying a membership costing $49, you’ll have permission to access all plugins, which can be installed on unlimited sites.
Asides from CodeCanyon and WPMU DEV, some developers choose to sell their premium plugins only on their websites, i.e, Password Protect WordPress Pro and Prevent Direct Access Gold. Therefore, using Google is always a helpful way to help you find out the right plugins for your site.
Use WordPress Plugins at WordPress.com - Can or Cannot?
Normally, users from self-hosted WordPress - WordPress.org can freely install and utilize plugins. However, the same scenario doesn’t apply to WordPress.com users.
Most of the time, you’re unable to install or use any plugins if you’re using wordpress.com. However, WordPress recently changes its policies. Third-party plugins can be installed by specific users who upgrade to WordPress.com Business Plan, which costs $25/month.
You’ve armed yourself with overall plugin knowledge. It’s time to discover the juiciest WordPress plugin statistics and facts 2021.
Juiciest WordPress Plugin Statistics 2021
- According to WordPress.org, there are over 58,000 free plugins on the WordPress plugin directory, with more added every day. With those massive numbers of plugins, no surprise that the total plugin download has reached more than 1,2 billion.
- Ilovewp.com reported that in data collected from April 2016 to April 2019, there have been 18,262 plugins published. In which:
- 57% of them have never been rated. (They have no review at all.) The average percentage of users leaving a review for a random plugin and a popular one respectively are 0.20% and 3%. (Source: Matteoduo)
- 18.3% of them have never been updated.
- Only 30 plugins (0.16%) have 100,000+ active installations.
- Around 68% of plugins released in the last 3 years have less than 100 active installations.
- Around 76% of plugins have a homepage link.
- About 47% of plugins have a donate link.
- The most popular e-commerce plugin, WooCommerce powers over 29.35% of all online stores. It’s been installed on 5 million+ websites with over 43 million downloads so far. There are over 300 WooCommerce extensions on woocommerce.com, more than 1,000 on wordpress.org, and certainly many more on other third-party stores.
- With more than 430,000 new weekly downloads and over 2 million active installs, Elementor wins the title of the most popular free page builder in the market.
- Thanks to MonsterInsight, companies have increased their profits by 126% and revenue by 50%. (source: MonsterInsight)
- Wordfence reveals that there are around 90,000 attacks every minute. Within Feb 2021, the plugin has blocked over 5,4 billion attacks as well as blacklisted 200+ malicious IPs.
- Up to Feb 2021, Akismet has blocked over 512 billion spam comments.
- CodeCanyon accommodates over 7,200 premium WordPress plugins, in which Ultimate Addons for WPBakery Page Builder (formerly Visual Composer) and Slider Revolution are the best sellers. (Source: CodeCanyon)
- Also, on CodeCanyon, 80% of searches concentrate on functionality. Users tend to look for plugin’s functions, such as forms, sliders, calendars rather than plugin’s names.
- Top 11 plugins have reached 7+ million downloads: WooCommerce, NextGEN Gallery, WordPress Importer, WP Super Cache, Google Analytics by Yoast, Google XML Sitemaps, Jetpack, Contact Form 7, Yoast SEO, All in One SEO Pack, Wordfence Security. (Source: Codeinwp)
- The top 6 plugins have marked over 5 million installs: Akismet, Classic Editor, Contact Form 7, Jetpack, WooCommerce, YoastSEO. (Source: Websitesetup)
Most Popular and Best WordPress Plugins of All Time
Receiving more than 215 million downloads, Jetpack marks its name as the most popular plugin of all time. Developed by Automattic, the plugin serves as a great versatile tool for security, backups, social media integration, and traffic insights.
#2 Yoast SEO
It can be impossible to find websites that don’t have YoastSEO installed. The plugin assists in improving the SEO score for your content to get a better ranking in search engines.
It allows you to optimize focus keywords, slug, meta description, SEO titles, and the alt text of your images. Plus, YoastSEO also brings forward tips for better readability such as the readability or passive voice rate. The plugin has currently achieved over 5 million active installations and 202 million downloads.
Coming as the second runner-up in this list is Akismet with over 188 million total downloads. It’s another product of Automattic whose main duty is to block spam comments. It’s estimated that around 5 million pieces of spam are caught by Akismet every hour.
#4 Wordfence Security
Wordfence has proved its popularity with over 121 million downloads. This plugin builds a firewall to protect your sites from malicious IPs and all kinds of attacks, including brutal force attacks. You can look for the latest threat updates about WordPress security statistics with Wordfence as well.
#5 Contact Form 7
This plugin enables you to create contact forms for your WordPress site. You can build multiple contact forms on the same site and easily integrate them with Akismet to prevent contact form spam.
The plugin wins praise from WordPress users as it’s free, effective, easy to configure, and suitable for both individual bloggers or businesses. It doesn’t knock the socks off that the plugin has over 112 million downloads.
When it comes to e-commerce WordPress plugins, WooCommerece is undoubtedly a champion. BuiltWith reports that up to Feb 2021, 4,414,537 live websites are using WooCommerce. Along with that, Barn2 pointed out more than 93.7% of WordPress online stores opt for the WooCommerce plugin.
WooCommerce has established an empire with enormous sources of themes and plugins. While ThemeForest contains more than 1,200 WooCommerce themes, the numbers of them even more on the WordPress theme directory, which is over 1,122. If you type “WooCommerce” on the WordPress plugin directory search bar, 980+ plugins are showing up with the word “WooCommerce” in their names.
Top 3 WordPress Plugins with Most Vulnerabilities
WP Scan emphasized that, up to 2020, there have been 21,936 WordPress vulnerabilities, of which 52% of them are related to plugins.
What’s more, in the most vulnerable WordPress plugins list summed up by Wpwhitesecurity, the top 3 centers on NextGEN Gallery, NinjaForms, and WooCommerce. Each of them shares 22 vulnerabilities.
Several security issues of NextGen Gallery have been spotted over the years. There were 7 vulnerabilities found, including XSS, SQL injection, and remote code execution from 2017 to 2019.
The most recent one was the SQL injection vulnerability which hackers could take commands on sites that had the plugin installed. Luckily, that problem was fixed since the plugin released version 3.2.11.
Ninja Forms has been reported with 10 known vulnerabilities, including XSS, remote code execution, and SQL injections. Many of them have been listed in the “Very High Risk” category.
Wordfence revealed that with the flaw found in 2018, what attackers needed was only a URL on the target site having a form powered by Ninja Forms (version 2.9.36 to 2.9.42).
There have been 19 vulnerabilities found in the plugin since 2014, namely XSS (Cross-site scripting), SQL injections, and privilege escalation flaws. One of the vulnerabilities tracked down in November 2018 proves that anyone assigned the role of “shop manager” could control the entire website if it was powered by WooCommerce.
Bonus: a Useless but Iconic WordPress Plugin
When it comes to WordPress plugins, you might think about what functions they possess or how powerful they are. However, the plugin we’re going to introduce is such an exception.
Hello, Dolly was one of the very first plugins written in 2004 by Matt Mullenweg, co-founder of WordPress. It’s pre-installed on any WordPress site. Whenever you activate your site, the plugin will display a random lyric from the “Hello Dolly'' song performed by Louis Amstrong on your dashboard.
Its description says: “This is not just a plugin, it symbolizes the hope and enthusiasm of an entire generation summed up in two words sung most famously by Louis Armstrong: Hello, Dolly. “
So, besides the sentimental value, the plugin doesn’t serve any practical purpose. No surprise that it received lots of 1-star reviews on the WordPress plugin directory.
However, despite its complete uselessness in functionality, Hello Dolly has amazingly reached the numbers of 800,000+ active installations so far.
We’ve walked you through various interesting WordPress plugin statistics and facts for 2021. Apart from that, you’ve also caught a glimpse into the history of WordPress plugins and how they work.
Started humbly as a basic blogging tool, WordPress has evolved to become a global platform trusted by dozens of world-famous brands. The more WordPress develops, the higher demand for plugins and their functionalities.
As WordPress users, we’re really looking forward to the new promising WordPress plugins with more unique advanced features soon.
Have we missed out on some significant WordPress plugin statistics? Do you have any fun or informative WordPress plugin statistics or facts to share? We would love to hear from you. Don’t hesitate to share with us your thoughts in the comments section below!