WordPress Plugin Security

Jun 4, 2016

WordPress plugins are the icing on the cake, or are they?

There is no denying that everyone has a use for a plugin; after all, plugins allow you to create a site that has all the functionality you require.

Plugins are the one key feature that has made WordPress the most popular choice for webmasters. They allow anyone with little or no coding knowledge to create and maintain a powerful site, and for those who know how to code they save significant development time.

So should I use plugins?

Absolutely you should, provided that you can answer yes to the following:

  • My theme doesn’t have this functionality already?
  • Is the issue I’m trying to solve or the functionality I’m trying to provide necessary?
  • Is there a plugin that helps you find a solution?

So if the answer is yes, then you need to start looking for a plugin.

At the time of this post there are 44,966 plugins in the WordPress plugin directory, and many premium plugins from other sources, so it’s pretty safe to assume that you will find a plugin that suits your needs. Plugins make your site more powerful and tailor it to fit your needs.

Where there is power there is responsibility.

Plugins from the WordPress plugin directory are not vetted at code level, so there are malicious or insecure plugins out there. To be fair, when WordPress learns of such plugins they do remove them from the directory.

Which plugins should I install?

It’s really dependent on what functionality you want from your site; however, there are a few things you can do to ensure that you’re as safe as possible.

When you’re looking at a plugin, check the following:

  1. Check when it was last updated. Plugins that are not updated on a regular basis may no longer be supported by the developer and may be insecure or not work correctly.
  2. Is the plugin author/developer actively supporting the plugin?
  3. Check how many downloads the plugin has had.
  4. Check how many reviews it has had. A plugin that’s had 100,000 downloads with 1 review would require further investigation.
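
The four checks above can be applied mechanically to a plugin’s directory metadata. The following is an added example, not part of the original post: the field names are modelled on the WordPress.org plugin information API, and the thresholds and both sample records are constructed assumptions.

```python
from datetime import date, datetime

# Thresholds are illustrative assumptions; the post gives no numbers
# beyond the "100,000 downloads with 1 review" case.
MAX_AGE_DAYS = 365                 # check 1: last update older than this
MIN_RESOLVED_RATIO = 0.5           # check 2: share of support threads resolved
MIN_DOWNLOADS = 1_000              # check 3: very low adoption
MAX_DOWNLOADS_PER_REVIEW = 10_000  # check 4: many downloads, almost no reviews
TODAY = date(2016, 6, 4)           # date of the post, used for the samples


def vet_plugin(info, today):
    """Return a list of warnings for one plugin metadata record (a dict)."""
    warnings = []
    # 1. Last updated: only the date part of "2016-05-20 3:15pm GMT" is used.
    updated = datetime.strptime(info["last_updated"].split()[0], "%Y-%m-%d").date()
    age = (today - updated).days
    if age > MAX_AGE_DAYS:
        warnings.append(f"last updated {age} days ago")
    # 2. Active support: how many support threads were marked resolved.
    threads = info.get("support_threads", 0)
    resolved = info.get("support_threads_resolved", 0)
    if threads and resolved / threads < MIN_RESOLVED_RATIO:
        warnings.append(f"only {resolved} of {threads} support threads resolved")
    # 3. Downloads.
    downloads = info.get("downloaded", 0)
    if downloads < MIN_DOWNLOADS:
        warnings.append(f"only {downloads} downloads")
    # 4. Reviews relative to downloads.
    reviews = info.get("num_ratings", 0)
    if downloads / max(reviews, 1) > MAX_DOWNLOADS_PER_REVIEW:
        warnings.append(f"{downloads} downloads but only {reviews} review(s)")
    return warnings


# Constructed sample records (not real plugins).
HEALTHY = {"slug": "example-maintained", "last_updated": "2016-05-20 3:15pm GMT",
           "support_threads": 40, "support_threads_resolved": 30,
           "downloaded": 250000, "num_ratings": 180}
STALE = {"slug": "example-abandoned", "last_updated": "2013-02-01 9:00am GMT",
         "support_threads": 25, "support_threads_resolved": 2,
         "downloaded": 100000, "num_ratings": 1}

if __name__ == "__main__":
    for record in (HEALTHY, STALE):
        findings = vet_plugin(record, TODAY)
        print(record["slug"], "->", findings or "no warnings")
```

A warning here means "investigate further", as in the list above; an empty result says nothing about the quality of the plugin’s code.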

There are also resources out there that can give you a really good insight into which plugins are secure and which aren’t.

  • The WPScan plugin vulnerability database shows you an A-Z of plugins, the vulnerability and the patched version if available. The home page also shows you the latest issues, including WordPress core issues.
  • The Sucuri Blog is a fantastic resource as well, as they will update you on any new issues found on any CMS platform.

There are many more but these are a good starting point.

Plugin good practice

However, all you need to remember is that any CMS is only as secure as its weakest point, so it’s worth following the above guidelines and the ones below:

  1. Always keep your plugins and core files up to date by logging in weekly and checking what needs updating.
  2. Ensure that any plugins that are not activated are also updated; they can still be hacked.
  3. Following on from the above point, remove any plugins not being used, and only install them when you need them.
  4. Don’t use multiple plugins with the same functionality.

Only use plugins that you actually need. Every plugin you add needs to be kept updated, and the more plugins you have, the higher the security risk, the higher the chance of plugin conflicts and, finally, the more likely your site is to slow down.


WordPress plugins are the icing on the cake, or are they? Yes they are; they add functionality to your site that is otherwise not possible with a standalone WordPress install. Using just the plugins you really need, from a reputable source and actively supported, will ensure you get the site and functionality you want with minimal risk.

Enjoy your site and the development of it.

