
One thing we all love about WordPress is that we can easily add new features to our Websites without knowing much about programming and coding. Just add a Plugin that does what we want and off we go.
However, WordPress Plugins shouldn’t be added without thinking them through. Not all of them work well together with other installed Plugins or with certain Themes. And the more Plugins you add to your Website, the more you put your Website’s security at risk.
What Makes Plugins Dangerous?
The reason Plugins can be security risks is that they add new code to your WordPress installation, and that code can be exploited by hackers. Some Plugins also modify the WordPress database, and weak points in the database are exactly what hackers are looking for. WordPress is open source software, and most free Plugins are too. Hackers can easily read how they are coded and find vulnerabilities they can use to access any Website that uses those Plugins. When you use Plugins, make sure they are maintained and regularly updated. If they aren’t updated regularly, hackers have more chances of finding weak points.
Another risk, especially with Plugins you didn’t download from a trusted source, is that they could come from hackers themselves. In that case they will contain malware that gives the hackers access to your Website once you have installed them. That is why I urge you not to use free Plugins you found online if you don’t know who created them or what their reputation is. The Plugins in the Plugin repository at WordPress.org are safe to use because they were checked before being approved.
Before Installation
RESEARCH! – The best way to prevent problems is to use Plugins only when absolutely necessary. That doesn’t mean you can’t use them, or that there is a maximum number of Plugins you should have. It does mean that you need to do your research before installing them on your Website, add only Plugins you are actively going to use, and avoid Plugins that duplicate each other.
Another great way to find out more about a Plugin is to look at its history in the directory where you found it. For example, the WordPress plugin repository has a support forum. It’s a good place to see what problems users have had in the past and how the author(s) responded to them.
You should also look at the update history of the Plugin. This one can be tricky, though, and it requires some common sense. No updates can mean two things: either the Plugin has always worked well (usually when it adds only a small feature) and doesn’t need updates, or the author just doesn’t care about keeping the Plugin working. A lot of updates can be a bad sign too, because it might mean there were a lot of problems in the past. However, it could also mean that the author kept improving the Plugin because they wanted to create something awesome, without there ever being any risk. A good Plugin author will keep a changelog listing the changes each update brought, so look at that to see whether the updates fixed glitches or problems, or added extra functionality.
The last thing you can check is the popularity of the Plugin. If a lot of people are using it, that is usually a good sign. If all the rest of your research adds up as well, you should be safe using the Plugin.
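To make the research above repeatable, here is a small Python helper (an added example, not code from the original post) that scores a plugin record from the WordPress.org plugins API on the three signals discussed: update recency, popularity, and how many support-forum threads got resolved. The thresholds and the sample record are my own assumptions, not values from the post.

```python
"""Pre-install research helper for a WordPress.org plugin record.

Field names (last_updated, active_installs, support_threads,
support_threads_resolved) follow the plugin_information response of
https://api.wordpress.org/plugins/info/1.2/ ; the record used below is
constructed for illustration and does not describe a real plugin.
"""
import re
from datetime import date

# Threshold assumptions; tune them to your own risk appetite.
STALE_DAYS = 365            # no update for over a year -> possibly unmaintained
MIN_ACTIVE_INSTALLS = 1000  # very small install base -> few eyes on the code
MIN_RESOLVED_RATIO = 0.5    # fewer than half of support threads resolved


def parse_last_updated(value):
    """The API reports e.g. '2023-01-15 3:04pm GMT'; only the date part matters."""
    m = re.match(r"(\d{4})-(\d{2})-(\d{2})", value)
    if not m:
        raise ValueError(f"unrecognised last_updated value: {value!r}")
    return date(*map(int, m.groups()))


def assess_plugin(info, today):
    """Return a list of warning strings; an empty list means no red flags."""
    warnings = []
    age_days = (today - parse_last_updated(info["last_updated"])).days
    if age_days > STALE_DAYS:
        warnings.append(f"last update {age_days} days ago; may be unmaintained")
    installs = info.get("active_installs", 0)
    if installs < MIN_ACTIVE_INSTALLS:
        warnings.append(f"only {installs} active installs")
    threads = info.get("support_threads", 0)
    resolved = info.get("support_threads_resolved", 0)
    if threads and resolved / threads < MIN_RESOLVED_RATIO:
        warnings.append(f"only {resolved} of {threads} support threads resolved")
    return warnings


# Constructed sample resembling an API response (hypothetical slug and numbers).
SAMPLE = {
    "slug": "example-gallery",
    "version": "1.4.2",
    "last_updated": "2022-06-01 9:15am GMT",
    "active_installs": 400,
    "support_threads": 12,
    "support_threads_resolved": 3,
}

if __name__ == "__main__":
    for warning in assess_plugin(SAMPLE, date(2024, 1, 1)):
        print("WARNING:", warning)
```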
Delete Inactive Plugins – Good Practice!
Most people collect a lot of Plugins over time. Some you keep using, others you replace with Plugins offering the same functionality, and sometimes you simply don’t need them anymore. In the last two cases, the Plugins you no longer use shouldn’t just be deactivated; they should be deleted completely. Even when they aren’t active, their code is still present and could be used by hackers to gain access to your site.
Don’t lose patience
When you’re new to WordPress and learn about all the fun things Plugins can add to your Website, it’s hard to resist adding every single one of them. That is normal human behavior. But first try to set up your new WordPress installation without any Plugins and see how far you get with that approach. Then, when there is something you really cannot set up yourself, look for a Plugin.
I have Websites with up to 15 Plugins, but I also have Websites with only one or two, because they don’t need the extra functionality. Having many Plugins or few doesn’t by itself mean you are protected or not. It is not the number of installed Plugins that matters, it is whether they are well or badly coded.