
Are WordPress plugins a security risk for your website?


Plugin Risks

Plugins are simply bits of code that you add to your WordPress website to extend its functionality. We use plugins to display videos, combat spam, connect to social media, and a host of other things. No matter what you want your site to do, there’s probably a plugin for it. But are they safe to use?

Generally speaking, yes. You do have to keep in mind that they are created with PHP code, just like WordPress itself. And because they’re written in PHP, they can potentially open doors for hackers to use.

Here’s the bigger issue, though: There is no licensing or governing board for plugin development. Anyone can write and distribute a plugin for WordPress, but not every developer is stringent about security, and not all plugins are properly maintained. If you’re using a plugin from a less-than-diligent developer, it could potentially leave your site vulnerable to attack.

Choosing Good Plugins

But just because plugins may create a risk doesn’t mean you shouldn’t use them. In fact, you’d find it pretty difficult to run a WordPress site without any plugins. It does mean, though, that you should practice due diligence when choosing which plugins to use.

  • Only use plugins from known sources. Never download a free plugin that cannot be found on WordPress.org. Paid plugins are obviously not available for download there, but if it’s free to use, you should find it in the repository.
  • Only use plugins that are maintained. Check the last time it was updated. If it was more than a few months ago, look elsewhere.
  • Only use plugins whose developers are involved. Every plugin on WordPress.org has its own forum where users can ask questions. If the developer isn’t answering those questions, that’s a bad sign.
  • Keep your plugins up to date. Follow WordPress security bloggers such as WPSecurityLock.com, SafeWP.com, and Sucuri.net to stay updated on vulnerable plugins, and make sure you upgrade them as needed.
  • Limit the number of plugins you use. They can and do conflict with each other, so it’s a good idea to keep your plugins to a minimum.

Security Plugins

So with all that said, does Evan have a valid point? Do security plugins increase your risk of being hacked?

I don’t think so.

The two plugins I recommended meet all my criteria above. They’re well known, frequently updated, and both have security-conscious developers. I don’t have any concerns about using either plugin on my own and my clients’ blogs.

Now you could recreate the security functions of these plugins without actually installing them. You could browse your server logs and ferret out the IP addresses of bad guys, then add code to your .htaccess file to keep them out. You could add some more code to your functions.php file to hide your WordPress version. You could even check to see that your core files haven’t been changed recently. Or you could let WordFence do all that for you.
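To give a sense of what the manual route involves, here is an added example (not part of the original post and not WordFence's code) of the first task: finding IP addresses that repeatedly fail the login form and turning them into .htaccess rules. It assumes Apache 2.4 with the combined log format and a stock wp-login.php, where a failed login answers 200 and a successful one redirects with 302; the log lines, the threshold and the function names are constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Constructed sample lines in Apache "combined" format (documentation IP ranges, not real traffic).
SAMPLE_LOG = '''\
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4211 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4211 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:01:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4211 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2024:10:05:10 +0000] "POST /wp-login.php HTTP/1.1" 200 4211 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2024:10:05:31 +0000] "POST /wp-login.php HTTP/1.1" 302 - "-" "Mozilla/5.0"
192.0.2.50 - - [12/Mar/2024:10:07:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2890 "-" "Mozilla/5.0"
truncated line with no request field
'''

# client, identd, user, [timestamp], "METHOD path protocol", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def noisy_login_ips(log_text, threshold=3, allowlist=()):
    """Return sorted IPs with at least `threshold` failed login POSTs."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or truncated line
        ip, method, path, status = m.groups()
        try:
            ip_address(ip)  # only real addresses may reach .htaccess
        except ValueError:
            continue  # e.g. a hostname when HostnameLookups is on
        # Assumption: a failed login re-renders the form (200); success is a 302.
        if method == "POST" and path.split("?")[0] == "/wp-login.php" and status == "200":
            hits[ip] += 1
    return sorted(ip for ip, n in hits.items() if n >= threshold and ip not in allowlist)

def htaccess_block(ips):
    """Render Apache 2.4 rules that deny the given IPs; empty string if none."""
    if not ips:
        return ""
    rules = ["# BEGIN blocked login offenders", "<RequireAll>", "    Require all granted"]
    rules += [f"    Require not ip {ip}" for ip in ips]
    rules += ["</RequireAll>", "# END blocked login offenders"]
    return "\n".join(rules)

if __name__ == "__main__":
    print(htaccess_block(noisy_login_ips(SAMPLE_LOG)))
```

Put your own address in `allowlist` before pasting the output into .htaccess, so a few mistyped passwords don't lock you out of your own site.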

I’ll let WordFence handle it, thanks.

As with nearly anything in life, security plugins have their pros and cons. In this case, I believe the good far outweighs the potential for bad, and I think most WordPress users would agree. After all, who wants to go poking around in the .htaccess file to accomplish something that can be done with the click of a button? Not me.

About Me:

Szabi Kisded

Hi, my name is Szabi and I'm documenting my journey selling plugins on CodeCanyon. I will show you every step of it: learning to code, plugin ideas, WordPress stuff and more.
