I am often asked by clients whether they should host their own WordPress site or use the Automattic offering, where they don’t need to worry about hosting and so on. There are many pros and cons to each approach, but one of the biggest attractions of going the self-hosted route is that you gain access to the massive library (currently over 370,000!) of WordPress plugins at your disposal.

So what is a plugin? Briefly, a plugin is a software application that adds new features or extends the functionality of WordPress websites. Plugins are designed to integrate seamlessly with WordPress and are generally installed automatically at the push of a button. This is extremely powerful, giving you the ability to add basic functionality or sophisticated add-ons such as e-commerce/shopping cart solutions to your website.

One of the attractions of platforms such as WordPress is that they regularly update their software and deploy these updates automatically. These updates may add functionality but, most importantly, they also patch security vulnerabilities that occur from time to time. When adding plugins to your website, you need to exercise caution because you may unknowingly be compromising your site’s security.

Fortunately, as you can see from this screenshot, the WordPress environment provides a number of clues as to whether they are advisable or not. So what should you look for when evaluating plugins for your WordPress website? Here are a few tips to ensure you keep your website safe and secure when using plugins.

  1. Check how long it has been since the plugin was last updated. Has it been years since it was updated?
  2. Visit the WPScan Vulnerability Database at https://wpvulndb.com/ and check whether there is any mention of the plugin in the Latest Plugin Vulnerabilities listing on the site.
  3. Check information such as the Average Rating, whether it is compatible with the current version of WordPress and the number of active installs. A low installation number can be a hint of a plugin that is not maintained.
  4. Finally, take the time to look at some of the reviews, ensuring you read some that are less than a 5 star rating where they are present. This will give you further insight into the plugin such as their quality of support.
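
Tips 1 and 3 can be checked mechanically once you have a plugin's listing data. The script below is an added example, not part of the original post: it assumes records shaped like the JSON returned by the WordPress.org plugin information API (`last_updated`, `tested`, `rating`, `active_installs`), uses constructed sample plugins, and the thresholds are assumptions to adjust. The vulnerability database lookup and reading reviews remain manual steps.

```python
import json
from datetime import datetime

# Constructed sample records; slugs and values are made up for illustration.
SAMPLE = json.loads("""[
  {"slug": "example-gallery", "last_updated": "2015-03-02 9:14am GMT",
   "tested": "4.1", "rating": 62, "num_ratings": 9, "active_installs": 300},
  {"slug": "example-forms", "last_updated": "2024-05-20 6:02pm GMT",
   "tested": "6.5.3", "rating": 94, "num_ratings": 1800,
   "active_installs": 200000}
]""")

# Assumed thresholds; the article gives none, so tune them to your own policy.
MAX_AGE_DAYS = 730    # "has it been years since it was updated?"
MIN_INSTALLS = 1000   # low install counts hint at an unmaintained plugin
MIN_RATING = 70       # rating is a 0-100 percentage in this record shape


def major_minor(version):
    """Reduce '6.5.3' to (6, 5) so patch releases do not count as a mismatch."""
    parts = (version.split(".") + ["0"])[:2]
    return tuple(int(p) if p.isdigit() else 0 for p in parts)


def review_plugin(info, current_wp, now):
    """Return a list of warnings for one plugin record, following the tips."""
    warnings = []
    # Only the date part is needed to judge staleness.
    updated = datetime.strptime(info["last_updated"].split()[0], "%Y-%m-%d")
    age = (now - updated).days
    if age > MAX_AGE_DAYS:
        warnings.append(f"last updated {age} days ago")
    if major_minor(info["tested"]) < major_minor(current_wp):
        warnings.append(f"tested only up to WordPress {info['tested']}")
    if info["active_installs"] < MIN_INSTALLS:
        warnings.append(f"only {info['active_installs']} active installs")
    # Ignore the average when nobody has rated the plugin yet.
    if info["num_ratings"] and info["rating"] < MIN_RATING:
        warnings.append(f"average rating {info['rating']}/100")
    return warnings


if __name__ == "__main__":
    for plugin in SAMPLE:
        found = review_plugin(plugin, "6.5", datetime(2024, 6, 1))
        print(plugin["slug"], "->", found or "no warnings")
```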

Remember, always be mindful of what plugins you use with your WordPress website and take the time to appraise them first.
