WordPress Plugins — What are the dangers?
According to its website, WordPress powers about a quarter of the internet and that statistic is easy to believe. The service is pretty much synonymous with blogging and it is the framework behind many successful ecommerce sites.
There are lots of reasons why WordPress is popular but two of the most important are its many themes and the way you can increase its (already impressive) functionality with plugins. But just because you can, it doesn’t necessarily follow that you should.
The market for WordPress plugins has a whole lot more in common with the Google Play Store than it does with Apple’s App Store. Bluntly, it’s a digital jungle and, while there are some genuinely great WordPress plugins out there (currently Jetpack, Yoast and Akismet are arguably the three must haves for any WordPress site), there is an awful lot of dross on the market too, which can cause you major headaches.
The fact that these headaches are usually the result of incompetence rather than malice is probably small consolation.
And while it may be tempting to add a plugin for every eventuality, having too many on board can lead to a sluggish site that takes forever to load. Only install plugins that really benefit you and your users, and remove any that don’t prove their worth.
For many people, the obvious solution to WordPress security problems is to do a search of existing plugins for the word ‘security’ and download the one that looks the most promising. But how can you find out which is the best to use and avoid getting yourself into further trouble?
Check the WordPress vulnerabilities database to find the plugins that are responsible for the most — and the latest — security risks. Be aware, too, that just because a plugin has the words ‘security’ or ‘spam’ in the title does not mean it is the answer to your prayers: some suspect code is hidden within fake security plugins.
Avoiding plugins completely is unnecessarily extreme, as many offer valuable functionality to your website. Instead, we’d suggest reading current reviews carefully before deciding whether or not to proceed with them.
The reason we’re emphasising the word “current” is because what frequently happens with WordPress plugins is that the original developer simply loses interest and moves on to something else. This means that what was once a decent plugin simply becomes outdated as both WordPress and the internet move on.
Plugin Vulnerabilities is a plugin that scans all your plugins and their latest updates and vulnerability notices and will make sure there are no known issues with the software you already have installed. Harsh as it may sound, some people also hold off on installing any brand-new plugins until they’ve had some user feedback. Let experienced WordPress users and testers try them out and wait until a few reviews have been posted and the plugins have proved themselves.
If something is going wrong with your WordPress site, plugins are a good place to start to try to establish the cause. Disable every plugin you own and turn them back on, one by one, to see at which stage your site falls over again. When this happens, it is most likely the last plugin you enabled that is causing the problem.
Even if it’s a plugin you have used for a while, an update to WordPress or to the plugin itself can cause your site to break and behave strangely.
Also, make sure you avoid plugins that have not been updated by the developer for some time. As well as risking incompatibility with updated versions of WordPress, they can cause a cyber security nightmare if the plugin is hacked and exploited. For this reason, avoid plugins that have been abandoned by their creators, and always update plugins, themes and WordPress when new versions are available.
Originally published at weseenow.co.uk on October 16, 2017.