Plugins are awesome, plugins save us time and plugins let us do incredible things with our blogs, but how many of them are safe to use?
Last week 30,000 blogs were compromised, and the investigation points to a plugin called ToolsPack, a set of administrative tools for WordPress that includes a backdoor attackers can use to gain access to your site. This is just one of many attacks on WordPress websites, and the problem is usually a badly written or compromised plugin.
A WordPress plugin at its core is just some programming code, written by anyone who chooses to do so. This means we get a mixture of plugins: some written by experienced programmers, some written by inexperienced programmers and, of course, some written by people with malicious intent. In both of the latter cases, there’s always a chance that you’ll run into a problem. These two cases aren’t the only source of problems, though. A plugin can also be outdated, no longer comply with new programming standards and thus allow unauthorized access.
Here are some tips to assist you in using safe plugins:
- Read reviews and look at ratings – All plugins on WordPress.org have an average rating and an area where people can leave a comment about the plugin. It is a good idea to look at the average rating and read through the reviews; it’s quite simple to weed out ones that may cause you problems.
- Check the compatible version – On WordPress.org, plugins have “Compatible up to:” and “Last Updated:” notes; don’t use plugins which aren’t compatible with your version of WordPress or aren’t being updated by their authors.
- Not listed on WordPress.org – As a rule of thumb, avoid plugins that aren’t hosted on the WordPress.org website, unless they’re paid plugins that have a very good reputation.
- Update your plugins – WordPress alerts us in the Dashboard when plugins are out of date. Make sure you keep your plugins updated.
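The four tips above can be applied to a whole site's plugin list in one pass. The following is an added example, not code from WordPress or from this article: the record field names, the thresholds and the sample plugins are all assumptions made up for illustration.

```python
from datetime import date

# Thresholds are assumptions for illustration; the article gives no numbers.
MIN_RATING = 3.5     # average stars out of 5
MIN_REVIEWS = 10     # with fewer reviews the average says little
MAX_AGE_DAYS = 365   # no release in a year counts as "not being updated"

def _ver(text, width=2):
    """'6.4.2' -> (6, 4): compare on leading components, padding short versions."""
    parts = [int(p) for p in text.split(".")[:width]]
    return tuple(parts + [0] * (width - len(parts)))

def vet_plugin(installed, listing, site_wp, today):
    """Return checklist findings for one plugin (empty list means it passes).

    installed: {"slug", "version"} as found on the site
    listing:   directory record for that slug, or None if it is not listed
    """
    if listing is None:
        # Flag for manual review: a reputable paid plugin may be acceptable.
        return ["not listed on WordPress.org"]
    findings = []
    if listing["num_ratings"] < MIN_REVIEWS:
        findings.append("too few reviews to judge")
    elif listing["rating"] < MIN_RATING:
        findings.append("low average rating")
    if _ver(listing["tested_up_to"]) < _ver(site_wp):
        findings.append("not marked compatible with this WordPress version")
    if (today - date.fromisoformat(listing["last_updated"])).days > MAX_AGE_DAYS:
        findings.append("no update in over a year")
    if _ver(installed["version"], 3) < _ver(listing["version"], 3):
        findings.append("installed copy is out of date")
    return findings

# Constructed sample data: slugs, versions, ratings and dates are made up.
DIRECTORY = {
    "good-forms": {"version": "2.3.1", "rating": 4.6, "num_ratings": 812,
                   "tested_up_to": "6.5", "last_updated": "2024-03-02"},
    "old-gallery": {"version": "1.0.4", "rating": 2.9, "num_ratings": 41,
                    "tested_up_to": "5.8", "last_updated": "2021-07-19"},
}
INSTALLED = [{"slug": "good-forms", "version": "2.1.0"},
             {"slug": "old-gallery", "version": "1.0.4"},
             {"slug": "admin-toolkit-x", "version": "0.9"}]

def audit(installed=INSTALLED, directory=DIRECTORY, site_wp="6.5.2",
          today=date(2024, 4, 1)):
    """Map each installed plugin slug to its list of findings."""
    return {p["slug"]: vet_plugin(p, directory.get(p["slug"]), site_wp, today)
            for p in installed}

if __name__ == "__main__":
    for slug, findings in audit().items():
        print(slug, "->", findings or "ok")
```

Anything with a non-empty findings list is a candidate for replacement, update or a closer look before it stays active.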
Take your time investigating a plugin before merely activating it on your blog and you’ll reduce the potential for headaches down the line.