Only Install Reputable Plugins

As a WordPress Admin you can use plugins to extend the functionality of WordPress and accomplish many things. Gravity Forms allow drag-n-drop forms, Woo Commerce plugin is a full shopping cart, and many, many more.

As invaluable as plugins are, they are a key way to introduce vulnerabilities into your WordPress implementation. Plugins that are poorly implemented, not maintained, or are used to harvest and report information are among the most common ways to hack a WordPress site.

When installing a plugin, make sure it is from a reputable developer; check when it was last updated; look at the number of ratings; make sure the ratings are good (preferably between 4 and 5 stars); and look at the number of active installations (10,000 or more is reasonably good).