Anyone who has used WordPress for more than 5 minutes knows how great it is to be able to add plugins to a website with the click of a button. But because it is so easy, plugins get overused, and every one of them can quietly add security risk to your WordPress site.
When you install a plugin you get both the good and the bad. You get increased functionality, but you also take on the security risk of that plugin's code. Every plugin is more PHP running on your server, with the same database access and the same privileges as WordPress itself, and the more code you run, the more places a hacker can look for a way in and do whatever they please to your site. Yikes!
Hackers Aren’t Interested In My Site – It’s Small
Many a small website owner has thought, “oh, that will never happen to me because I am of little interest to a hacker,” only to find out it really doesn’t matter. Most attacks on small sites are not aimed at that site at all: they are automated scans across thousands of sites at once, looking for a known vulnerable plugin version or a weak admin password. Whoever runs the scan does not care who you are; a compromised site is worth something regardless, as a host for spam links, phishing pages or malware, or as a stepping stone to other sites on the same server. It’s actually the “little guys” who get hit most, because they make it easy. Don’t live under the false premise that your site is immune.
I am often called upon to clean up a WordPress website that would seem like the last site a hacker would want to infiltrate. But when it happens, recovery can be costly, because the website owners did not have proper procedures in place before the attack occurred.
This is why I suggest that website owners get on a monthly WordPress Maintenance Plan with a provider who handles the tedious monthly tasks that help thwart attacks in the first place, and who keeps proper backups in place so that, in the unlikely event an attack succeeds, recovery is fast.
Plug Up Your Plugin Holes
One of the areas we tackle in our maintenance work for clients is plugins. Plugin developers regularly release updates to fix things that have been reported as broken, or to plug security holes in their code. Once a fix is public, the hole it closes is public too, and automated scanners start looking for sites still running the old version within days. So it is important to keep your plugins up-to-date, and to do it promptly.
As one can imagine, when a site has a lot of plugins it can become overwhelming to stay up-to-date on all of them yourself. This is one of the reasons I suggest that WordPress owners minimize the number of plugins they use.
Another reason is code bloat. Every plugin adds PHP that runs on each request, and often extra scripts, stylesheets and database queries that the browser has to fetch and run, so the more plugins you load, the slower your pages get. A slow website, due to code bloat, is not a good thing.
Sometimes Plugins Are Good
But, for all the caution, let’s not forget that plugins can be a good thing too. The right plugin can save hours of time in custom PHP coding by a developer (and save you lots of money in the end). So, if you need a plugin, and it has a reason for being on your site, by all means install it.
But I suggest following some plugin best practices to make sure you are getting the most out of your plugins, with the least amount of worry and concern.
Best Plugin Practices
Decide if you really need that plugin.
Determine if the plugin you are considering is one that you really do need. Problems occur when people install plugins and then simply don’t use them. One click installs make it almost too easy to test out new plugins and then forget to uninstall them if you decide against them.
Know where the plugin comes from.
It’s generally best to install plugins only from the official WordPress repository. On occasion I will use a premium plugin that is purchased from Envato Market, but not without first thoroughly reading reviews and vetting the developer.
Vet the developer and source of the plugin.
When you are considering installing a plugin, whether from the repository or elsewhere, always check out the reviews and support section. Keep in mind that they can be skewed to a certain extent, because, let’s face it, when something works well most people don’t bother reporting it and just go about their business using it as intended. But if you are seeing the same problem reported by multiple people, something may be wrong there.
Check the number of downloads.
Generally a plugin with many thousands of active installations is a safer bet than an obscure one: more users means more eyes on it, and problems get reported and fixed faster. Popularity is not proof of security, though. Look at those numbers together with the reviews and support requests, and also at when the plugin was last updated and which WordPress version it was tested with; a plugin that has not been touched in a year or two is a red flag even if it was once popular.
Do an audit of your existing plugins.
Check out your installed plugins and look at what you have in there. Sometimes people will install plugins and then forget to remove them if they don’t work out. Don’t simply deactivate them: a deactivated plugin’s files are still on your server, it still has to be updated, and any script in it that can be requested directly by URL can still be attacked. Actually delete a plugin if you aren’t using it. That way you also don’t have to keep updating unused ones when developers release new versions.
Make sure you are updating your plugins regularly.
Be sure to keep your plugins, as well as your core WordPress files and themes (even unused ones), updated. Even plugins that are installed but not activated must be kept updated, for the same reason: the code is still there. Maintain a consistent schedule for your updates and do it often.
Something to keep in mind, and I have had it happen on sites I maintain, is sometimes a plugin update can “break” a website. Be sure you have a recent backup of your site before doing any updates to cover yourself.
This is where having a WordPress Maintenance Plan to handle these things for you comes in handy. The provider backs up the site, runs your updates, checks that the site still works, and can restore it quickly if an update breaks something. Yes, that can happen, which is one of the reasons many people are hesitant to update things when they really should.
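Here is a small shell script, added to this post as an illustration and not something from the original article, that puts the audit and update steps above into a form you can run with WP-CLI. It assumes WP-CLI is installed and that you run it from the site’s root directory; the plugin list embedded in it is a constructed sample standing in for what `wp plugin list --format=csv` prints, so the filtering logic can be tried offline before pointing it at a live site.

```shell
#!/bin/sh
# Added example (not from the original post): audit a WordPress install's
# plugins from `wp plugin list` output, applying the rules above: delete what
# is inactive, update what has an update pending, and take a backup before
# touching anything. Assumes WP-CLI (https://wp-cli.org) is installed on the
# live site; the sample below is constructed to stand in for its CSV output
# so the filtering logic runs offline.

# Constructed sample of: wp plugin list --format=csv --fields=name,status,update,version
SAMPLE_LIST='name,status,update,version
akismet,active,none,5.3
hello,inactive,none,1.7.2
contact-form-7,active,available,5.8.4
wordpress-seo,inactive,available,21.7'

# Plugins installed but deactivated: their code is still on disk, so they are
# candidates for deletion, not just for staying switched off. Prints the names
# space-separated on one line. Only status "inactive" is matched, so must-use
# plugins and drop-ins are left alone.
inactive_plugins() {
    printf '%s\n' "$1" | awk -F, 'NR > 1 && $2 == "inactive" { n = n ? n " " $1 : $1 } END { print n }'
}

# Plugins with an update pending, whether active or not (inactive plugins
# still need their updates).
updatable_plugins() {
    printf '%s\n' "$1" | awk -F, 'NR > 1 && $3 == "available" { n = n ? n " " $1 : $1 } END { print n }'
}

# Count of plugins that are inactive AND outdated: the worst case, because
# nobody is looking at them and their files are still reachable on the server.
stale_inactive_count() {
    printf '%s\n' "$1" | awk -F, 'NR > 1 && $2 == "inactive" && $3 == "available" { c++ } END { print c + 0 }'
}

# Live run: the same checks against a real site, with a database export and a
# copy of the plugins directory taken first so a broken update can be rolled
# back (a full-site backup is still the right thing to have). Not executed
# here; call it from the WordPress root.
audit_live() {
    list=$(wp plugin list --format=csv --fields=name,status,update,version) || return 1
    stamp=$(date +%Y%m%d-%H%M%S)
    wp db export "backup-$stamp.sql" || return 1
    tar czf "backup-$stamp-plugins.tgz" wp-content/plugins || return 1
    echo "Inactive (delete if not needed): $(inactive_plugins "$list")"
    echo "Updates available:               $(updatable_plugins "$list")"
    echo "Inactive and outdated:           $(stale_inactive_count "$list")"
    # Review the inactive list and delete what you no longer need, e.g.:
    #   wp plugin delete hello
    wp plugin update --all
}

echo "Inactive:              $(inactive_plugins "$SAMPLE_LIST")"
echo "Updatable:             $(updatable_plugins "$SAMPLE_LIST")"
echo "Inactive and outdated: $(stale_inactive_count "$SAMPLE_LIST")"
```

Run against the sample it reports hello and wordpress-seo as inactive, contact-form-7 and wordpress-seo as updatable, and one plugin (wordpress-seo) that is both. The live function deliberately does not delete anything on its own: the delete step stays a decision for a person, while the backup and the update run every time.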
Many people consider a WordPress maintenance service an insurance policy investment in their business to make sure their site runs smoothly at all times.