The Risks of Using Plugins with WordPress
Plugins are a great way to add useful features such as visitor statistics, entry forms and social media add-ons. The number of plugins available for WordPress sites grows daily, and they make managing and running a website much easier: simply download, install and activate a plugin for the specific task you want done.
Some of the most popular include Contact Form 7, W3 Total Cache, and various SEO and security plugins. Some are free of charge and some come with small fees.
The reason for the popularity of WordPress plugins? Ease of use. All one has to do is visit wordpress.com for the list of plugins available and download as many plugins as desired, with all the bells and whistles that come with each plugin, to make any WordPress site more user-friendly, more eye-catching, more search-engine friendly and so on. With all these extras available for WordPress sites, what could go wrong?
- Updates. Any plugin that is not being maintained and kept up to date is a security risk for the site and for the dedicated server itself, not just a single website running WordPress. “Abandoned” plugins are all too frequent, as the developer moves on to other projects or the plugin turns out not to be as useful or popular in the WordPress community as hoped. Using an old plugin that is not updated on a frequent basis is cause for concern. WordPress.com also indicates whether a plugin has not been updated in quite some time, (hopefully) giving the user pause over whether to download the software or not. A plugin that has not been updated in some time is not necessarily a definite security risk or vulnerable to exploits; however, software is rarely ever created, considered “finished” and never worked on again. Other variables, such as the operating system and the various dependencies running on the dedicated server, will eventually change as updates are released, and a plugin that is left behind in the dust may no longer work properly, or at all.
Depending 100% on an outdated plugin to perform a certain vital task may be leading to inevitable trouble. Webmasters should strongly consider alternatives in this scenario. In addition, plugins that are simply not being used need not be there and should be at least deactivated but better yet, simply deleted. A deactivated WordPress plugin can certainly still be a vulnerability. A trusted publisher is crucial before using any WordPress plugin on a live website.
- Slowness. Too many installed plugins running on a website is also not a good idea, since they can slow down even the fastest of dedicated servers. Some plugins can be a real resource hog, especially the ones that have sloppy or lazy coding, bringing down the speed of an otherwise snappy website. Deactivating a plugin to determine if there is a substantial speed increase will help, as long as nothing is still cached in the web browser. Although some user reviews have reported issues with P3 Plugin Performance Profile (WP, PHP version etc.), it can help in determining if there is a plugin that is slowing down a website and by how much.
Too many active plugins will certainly consume more resources and memory. Determine if all the plugins are a necessity and if not, then again, deactivate them. It will help speed things up, increase security and will result in fewer things to manage. iThemes.com has a nifty feature called iThemes Sync that will keep an eye on plugins that need updating and automatically notify the webmaster. The plugin is free for the first 10 sites. It is a good tool to have to avoid constantly checking whether plugins need updating.
- Conflicts. Last but not least, too many plugins (or even just an unlucky few) can cause conflicts on a WordPress site. As mentioned earlier, sloppy code can not only cause vulnerabilities but also conflicts causing major issues with stability, speed and visitor abandonment. Website visitors never want to see text on a page displaying errors on which line of code is faulty, rendering the page or website inoperable. With some plugins having thousands of lines of code, there is a good chance of a conflict happening despite rigid coding guidelines that should govern all plugin development.
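The checks recommended under Updates and Slowness (delete inactive plugins, apply pending updates, question plugins with no recent release) can be run as a routine audit. The script below is an added example, not part of the original article: the inventory is a constructed sample in the shape of WP-CLI's `wp plugin list --format=json` output, while the plugin names, the last-release dates and the two-year staleness threshold are assumptions.

```python
import json
from datetime import date

# Constructed sample shaped like `wp plugin list --format=json`; names are hypothetical.
INVENTORY_JSON = """[
  {"name": "example-forms",  "status": "active",   "update": "none",      "version": "5.9"},
  {"name": "example-cache",  "status": "active",   "update": "available", "version": "2.1"},
  {"name": "old-gallery",    "status": "active",   "update": "none",      "version": "1.0.3"},
  {"name": "unused-slider",  "status": "inactive", "update": "none",      "version": "3.2"},
  {"name": "inhouse-widget", "status": "active",   "update": "none",      "version": "0.4"}
]"""

# Constructed last-release dates, as they would be copied from each plugin's
# directory listing (assumption). A plugin with no listing has no entry here.
LAST_UPDATED = {
    "example-forms": "2024-03-15",
    "example-cache": "2024-05-01",
    "old-gallery": "2020-01-10",
    "unused-slider": "2024-04-01",
}

TODAY = date(2024, 6, 1)   # fixed so the example is reproducible
STALE_AFTER_DAYS = 730     # assumed threshold: two years without a release


def audit(inventory, last_updated, today=TODAY, stale_after=STALE_AFTER_DAYS):
    """Return {plugin name: [finding codes]} for plugins that need attention."""
    findings = {}
    for plugin in inventory:
        codes = []
        if plugin["status"] == "inactive":
            codes.append("inactive")          # deactivated code is still on disk: delete it
        if plugin["update"] == "available":
            codes.append("update-available")  # a newer release is waiting to be applied
        released = last_updated.get(plugin["name"])
        if released is None:
            codes.append("unlisted")          # no directory record: verify the publisher
        elif (today - date.fromisoformat(released)).days > stale_after:
            codes.append("stale")             # possibly abandoned: look for an alternative
        if codes:
            findings[plugin["name"]] = codes
    return findings


if __name__ == "__main__":
    for name, codes in audit(json.loads(INVENTORY_JSON), LAST_UPDATED).items():
        print(f"{name}: {', '.join(codes)}")
```

A `stale` finding is a prompt to review the plugin rather than proof that it is vulnerable, in line with the caveat in the Updates item.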