How risky are WordPress plugins
Vulnerable, badly written plugins are the most common way attackers gain access to WordPress sites, so reducing your plugin risk is one of the most important parts of protecting your site. There are a number of things you can do to limit this risk.
Use as Few Plugins as Possible
Remember that every plugin you add requires you to trust an author you do not know: to have written secure code, to respond quickly to vulnerability reports, and to keep your best interests in mind. Every plugin you leave out is one less codebase exposed to attackers and one less author you have to trust.
Only Download Plugins From Reputable Sites
If possible, we recommend that you limit your plugin downloads to the official WordPress.org plugin directory. A great team of volunteers manages it, alongside a large community of users and security researchers who review and report on the plugins it hosts.
If you need to download a plugin from another site, you can use these tips to help determine whether the site is reputable:
- The site should pass the “eye test”: professionally designed and using clear language to describe what the plugin does.
- A valid, verifiable company name should appear in the footer.
- Terms of service and a privacy policy should be readily available.
Choose Reputable Plugins
The WordPress.org plugin directory makes it easy to evaluate plugins by providing a summary that gives you almost everything you need. Here is what we suggest you pay attention to:
- The more recent the last update, the better.
- Check the number of active installs. Some reliable and useful plugins have low install numbers, but examine a plugin with a low install base (below 1,000 active installs) carefully: it may not be maintained, and with few users there are few people to notice and report problems.
- It should be compatible with the current version of WordPress. Note, though, that immediately after a WordPress core release many reputable plugins will show a “Tested up to:” value that is one version behind while their authors finish testing against the new release.
- The average rating should be high enough to instill confidence; the higher, the better. The low-star reviews are also worth reading, since they often describe the bugs and support problems the summary hides.
You should also periodically review your installed plugins to make sure they have maintained their good standing.
Delete Plugins Immediately When You Stop Using Them
We have written at length about the fact that the best way to secure data is to get rid of it. The same concept applies to WordPress plugins: removing plugins reduces your risk.
Keep Your Plugins Up to Date
Security vulnerabilities are constantly being discovered in WordPress plugins. In many cases the details of the vulnerability are made public once a fix is released, which means the entire world is given the information needed to exploit any site that has not yet updated.
WordPress itself (since version 5.5) lets you enable automatic updates for each plugin from the Plugins screen, and some plugins, Wordfence among them, include their own auto-update option. Enable automatic updates for as many plugins as you can. For the rest, update to the latest version as soon as it is released, especially if the changelog mentions a security fix.
Replace Abandoned and Removed Plugins
Have you ever started a project or hobby and gotten bored with it? That happens to WordPress plugin authors too. In fact, it happens a lot. Does that mean an abandoned plugin contains a security vulnerability? Most likely not. What it does mean is that nobody is going to fix one when it is found, so abandoned plugins represent a much higher risk than actively maintained ones. We recommend that you not run plugins that have not been updated in over two years. Treat plugins that have been removed or closed in the WordPress.org directory the same way: plugins are closed for several reasons, unfixed security issues among them, and a closed plugin will no longer receive updates through WordPress.
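The checks in the previous sections (recent update, install base, “Tested up to”, rating, pending updates, inactive plugins, and plugins no longer in the directory) can be run as a script rather than by hand. The example below is added here and is not code from the original article. It reads the JSON that the WP-CLI command `wp plugin list --format=json` produces and the fields returned by the WordPress.org plugin info API (`https://api.wordpress.org/plugins/info/1.0/<slug>.json`: `last_updated`, `active_installs`, `tested`, `rating`); both are real sources, but the data used here is constructed so the script runs offline, and the plugin slugs other than well-known ones are made up. The two-year and 1,000-install thresholds come from the article; the minimum rating of 80 is an assumption of this example.

```python
"""Triage installed WordPress plugins against the checks in the article.

Added example, not code from the original article. Two real data sources are
modelled with constructed sample data so the script runs offline:
  - the output of `wp plugin list --format=json` (WP-CLI): slug, status,
    installed version and whether an update is available;
  - the WordPress.org plugin info API
    (https://api.wordpress.org/plugins/info/1.0/<slug>.json): last_updated,
    active_installs, tested (WordPress version) and a 0-100 rating.
"""
import json
from datetime import date, timedelta

# Thresholds from the article: two years without an update, under 1,000 installs.
ABANDONED_AFTER = timedelta(days=2 * 365)
LOW_INSTALLS = 1000
# Assumption for this example; the article only says "high enough".
MIN_RATING = 80

# Constructed sample of `wp plugin list --format=json` output.
WP_PLUGIN_LIST = json.dumps([
    {"name": "akismet",        "status": "active",   "update": "none",      "version": "5.3"},
    {"name": "old-gallery",    "status": "inactive", "update": "none",      "version": "1.2"},
    {"name": "contact-form-7", "status": "active",   "update": "available", "version": "5.8"},
    {"name": "niche-widget",   "status": "active",   "update": "none",      "version": "0.9"},
    {"name": "legacy-slider",  "status": "active",   "update": "none",      "version": "2.0"},
])

# Constructed sample of plugin info API responses, keyed by slug. A slug that is
# missing stands for a plugin the directory no longer serves (closed/removed) or
# one that never came from WordPress.org.
WPORG_INFO = {
    "akismet":        {"last_updated": "2024-03-05 7:16pm GMT",  "active_installs": 6000000,  "tested": "6.5", "rating": 92},
    "old-gallery":    {"last_updated": "2019-06-14 2:00pm GMT",  "active_installs": 300,      "tested": "5.2", "rating": 62},
    "contact-form-7": {"last_updated": "2024-05-20 9:00am GMT",  "active_installs": 10000000, "tested": "6.4", "rating": 84},
    "niche-widget":   {"last_updated": "2024-01-20 11:30am GMT", "active_installs": 400,      "tested": "6.5", "rating": 100},
}


def parse_wporg_date(value):
    """The API's last_updated looks like '2024-03-05 7:16pm GMT'; the date part suffices."""
    return date.fromisoformat(value[:10])


def major_minor(version):
    """'6.5.3' -> (6, 5). 'Tested up to' is reported per major.minor, so compare on that."""
    return tuple(int(p) for p in version.split(".")[:2])


def triage(plugin_list_json, wporg_info, current_wp, today):
    """Return {slug: [finding, ...]}; an empty list means the plugin passed every check."""
    findings = {}
    for plugin in json.loads(plugin_list_json):
        slug = plugin["name"]
        issues = []
        if plugin["status"] == "inactive":
            issues.append("inactive: delete it, the files stay on the server until removed")
        if plugin["update"] == "available":
            issues.append("update available: apply it, the fix may be a security one")
        info = wporg_info.get(slug)
        if info is None:
            issues.append("not served by the WordPress.org directory: removed, closed or third-party; review its source")
        else:
            age = today - parse_wporg_date(info["last_updated"])
            if age > ABANDONED_AFTER:
                issues.append(f"abandoned: last updated {age.days} days ago, replace it")
            if info["active_installs"] < LOW_INSTALLS:
                issues.append(f"low install base ({info['active_installs']}): examine it carefully")
            if major_minor(info["tested"]) < major_minor(current_wp):
                issues.append(f"tested up to {info['tested']} only, site runs WordPress {current_wp}")
            if info["rating"] < MIN_RATING:
                issues.append(f"rating {info['rating']}/100 below {MIN_RATING}")
        findings[slug] = issues
    return findings


def run_sample():
    """Run the triage over the constructed data as of a fixed date, for reproducibility."""
    return triage(WP_PLUGIN_LIST, WPORG_INFO, current_wp="6.5.3", today=date(2024, 6, 1))


if __name__ == "__main__":
    for slug, issues in run_sample().items():
        print(f"{slug}: {'OK' if not issues else ''}")
        for issue in issues:
            print(f"  - {issue}")
```

On a live site you would replace the two constants with the real `wp plugin list --format=json` output and one API request per slug; a slug the API does not return is exactly the “removed” case the heading above refers to, which is why the script flags a missing entry rather than skipping it.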