Are WordPress plugins a liability?

There are a lot of good reasons to choose WordPress but, as simple as everything may seem at first glance, there are a lot of aspects to consider. One of them is the reliability of the plugins.

One of the CMS’s advantages is the variety of plugins available, both free and paid. However, you should know that some of them can seriously harm your website, others have backdoors and malicious scripts embedded and, at times, a simple mistake on the developers’ part can open a door for mischievous exploitation.

One good example happened recently, when FancyBox announced a serious zero-day vulnerability and strongly recommended that everyone using it urgently update the plugin to FancyBox 3.0.4 and monitor the site for infections.

This sort of thing happens on a daily basis and the more plugins you use, the greater the chance of your website getting infected.

Today, there are about 28,000 WP Plugins in circulation, so what can you do to minimise the risk?

1. Choose only vetted and well-rated plugins. Read the reviews: chances are that, if there is a problem with the plugin, someone has already noticed it.
2. Update regularly and immediately. Developers are constantly finding bugs and vulnerabilities and they usually release updates to deal with them. Make sure none of your plugins is out of date. Ever.
3. Update WordPress. The same goes for the CMS. Make sure you always have the latest version. It’s free and it takes just a minute to upgrade. As a tip, if you are using a custom theme, always back up your files and deactivate it before updating WordPress. This way, you can make sure that no files are overwritten and lost.
4. Back up everything before installing a new plugin. Some plugins can affect your website’s speed and performance and sometimes, when you click Activate, everything crashes. As if this wasn’t enough, there are cases when you can’t go back to how things were 5 minutes ago, so it comes in handy to have a recent backup.

Finally, the best advice would be to be careful, do your homework and install only the plugins you actually need.
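One way to check points 2 and the "only the plugins you actually need" advice on a live site is to audit the plugin inventory. The script below is an added example, not part of the original post: it assumes the inventory was exported with WP-CLI (`wp plugin list --format=json`) and reads the name, status, update and version fields. The sample data and plugin names are constructed, and the slug `fancybox` is an assumption; only the 3.0.4 floor comes from the article.

```python
import json

# Constructed sample in the shape of `wp plugin list --format=json` output.
# Plugin names and versions are made up for illustration.
SAMPLE = """[
  {"name": "fancybox", "status": "active", "update": "available", "version": "3.0.2"},
  {"name": "contact-form-example", "status": "active", "update": "none", "version": "4.1"},
  {"name": "old-slider-example", "status": "inactive", "update": "available", "version": "1.2.0"},
  {"name": "seo-example", "status": "inactive", "update": "none", "version": "2.0"}
]"""

# Minimum fixed versions taken from advisories you track. 3.0.4 is the version
# the article cites for FancyBox; the slug "fancybox" is an assumption.
MIN_SAFE = {"fancybox": "3.0.4"}


def vtuple(version):
    """Turn '3.0.4' into (3, 0, 4); non-numeric parts count as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in version.split("."))


def audit(plugins_json, min_safe=MIN_SAFE):
    """Return (plugin, issue, detail) tuples for everything that needs attention."""
    findings = []
    for p in json.loads(plugins_json):
        name, ver = p["name"], p["version"]
        floor = min_safe.get(name)
        # Installed version is older than the fixed version from an advisory.
        if floor and vtuple(ver) < vtuple(floor):
            findings.append((name, "below-advisory-floor", f"{ver} < {floor}"))
        # An update exists but has not been applied.
        if p["update"] == "available":
            findings.append((name, "update-available", ver))
        # Inactive plugins still sit on disk; remove them if they are not needed.
        if p["status"] == "inactive":
            findings.append((name, "inactive-remove-if-unneeded", ver))
    return findings


if __name__ == "__main__":
    for name, issue, detail in audit(SAMPLE):
        print(f"{name:24} {issue:30} {detail}")
```

Run it from a scheduled job against the real export and alert on any non-empty result, so an outdated plugin is noticed the day the update appears rather than at the next manual check.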