Insecure plugins have been at the heart of numerous attacks launched from compromised WordPress site. One was patched this week in Jetpack, a plugin that’s been downloaded more than one million times.