
I meant in a hands-off manner.



You automate the updates.

Also be very selective about installing plugins.

If you are extra paranoid then you can put the login/admin/API behind a VPN.


Being selective about plugins is so important. When I first started working independently, I was blown away by how much work could be had just saving people from the misery of WordPress plugins. Not glorious work, but wow, you could work until the sun is gone just churning out plugin updates for WordPress site owners.

Almost all of the problem plugins weren’t even that important to the site. Someone just added it at some point and left it, maybe for years. Then there you are running old code with known exploits. Of course you’re going to get hacked.

Although I didn’t enjoy that work, I did love how excited and happy my clients were that their sites were fixed. You can’t measure the misery and anxiety some people feel when stuff goes wrong with their websites. Fixing that, with PHP and WordPress no less, was a great feeling.

All that is to say that I agree; only adopt plugins you really need with a reputation you’re comfortable with.
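
An added example, not part of any comment in this thread: a small triage script for the advice above (automate updates, keep only plugins you need). It assumes the plugin inventory comes from WP-CLI's `wp plugin list --format=json` with the `status`, `update`, `version`, `update_version` and `auto_update` fields; the sample data and function names are constructed for illustration.

```python
import json

# Constructed sample of `wp plugin list --format=json` output (not from a real site).
SAMPLE = '''[
 {"name":"contact-form","status":"active","update":"available",
  "version":"5.1","update_version":"5.4","auto_update":"off"},
 {"name":"old-slider","status":"inactive","update":"available",
  "version":"2.0","update_version":"2.9","auto_update":"off"},
 {"name":"seo-helper","status":"active","update":"none",
  "version":"21.0","update_version":"","auto_update":"on"},
 {"name":"cache-tool","status":"active","update":"none",
  "version":"1.6","update_version":"","auto_update":"off"}
]'''

def audit_plugins(raw_json):
    """Return {plugin name: [findings]} for plugins that need attention."""
    findings = {}
    for p in json.loads(raw_json):
        if p.get("status") in ("must-use", "dropin"):
            continue  # not handled by the normal plugin updater
        notes = []
        if p.get("status") == "inactive":
            # Deactivated plugin files stay on disk until the plugin is deleted.
            notes.append("inactive: delete it rather than leave it installed")
        if p.get("update") == "available":
            notes.append(f"outdated: {p.get('version')} -> {p.get('update_version')}")
        if p.get("auto_update") != "on":
            notes.append("auto-update disabled")
        if notes:
            findings[p["name"]] = notes
    return findings

def exit_code(findings):
    """Non-zero when any plugin is outdated, so a cron or CI job can alert."""
    outdated = any(n.startswith("outdated")
                   for notes in findings.values() for n in notes)
    return 1 if outdated else 0

if __name__ == "__main__":
    report = audit_plugins(SAMPLE)
    for name, notes in sorted(report.items()):
        print(name)
        for note in notes:
            print("  -", note)
    raise SystemExit(exit_code(report))
```

On a real site, the JSON would be piped in from WP-CLI on a schedule instead of using the embedded sample.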


You could go for a managed WordPress host like WPEngine or Kinsta, but they are comparatively expensive.



