WordPress Security Tip: Don’t Install THAT Plugin!

One of the many ways you can contribute to the safety of your website is by refraining from installing that plugin – you know, the one that does that neat little thing you need it to do, but might have been developed in 1983? Just say no.

When we took a cruise this past spring, the toilet lid had a sign that asked ‘You want to flush WHAT?’ The little sign went on to explain how your thing-that-doesn’t-belong-in-a-flushing-toilet could stop up toilets for many people on the ship, including yourself…and toilet-less vacations do not make for a happy situation. (Only *I* could possibly create an analogy between flushing and website security.) That reminded me of how a ‘simple little plugin’ could cause damage on a much larger scale than might seem possible.

Just like in any profession, there are many levels of expertise in the world of PHP and WordPress developers. Even a plugin by a good-willed developer can cause major harm to a website if it’s written badly, includes outdated methods, has security holes, or all of the above, because any of these can expose your website to security vulnerabilities. It seems so small, so innocent, this nifty little plugin. It just does this one cool thing – how could it hurt? Believe me, just like a little virtual q-tip, one bad little plugin – harmless as it might seem – can quickly give you the ‘wish I hadn’t done that’ feeling. Not only can it break your website and make it behave badly like curly hair on a rainy day, it can leave your website vulnerable to security issues. Did I forget to mention it can also make your webmaster a little richer? Yeah, that too.

TrekVisual website plugins have either been built by us, or have been purchased from reputable sources that we’ve worked with and trusted our business to for years. You won’t have to worry about finding plugins that are safe, because we take care of all that niggly stuff for you. (I decided today I love the word ‘niggly’ – it’s so much fun to say). If the plugin isn’t built by us, the TrekVisual team carefully evaluates plugins sourced from other companies, long before we make them available to you. We kick the virtual tires, if you will, so you can just enjoy the ride. If you’re building a custom website with us and will be using our website monthly plan, we’ve got you covered. You won’t have to worry about unsafe plugins.

How do you know if a plugin is safe? That’s a difficult question to answer in a way that would be helpful to someone who’s not a coder. The short answer is, you don’t.

You might expect a plugin listed in the WordPress repository would be safe. You might expect a plugin you have to pay for would be safe. You might expect a plugin that’s been around for a long time and has a lot of great reviews is safe. None of those expectations is always going to hold.

There was a very popular script (called “TimThumb”) a number of years ago. A security hole was found and exploited, causing major havoc in the industry. The script was SO widely used by WordPress users that the attack on this vulnerability caused many people to question the security of building WordPress websites. The script itself was not malicious, far from it, but an exploit was found and taken advantage of by hackers, making the script a major security risk to anyone who used it. Though it had a long history and a solid reputation, one vulnerability made it insecure.

Soon I’ll be writing about our favorite plugins here in the TrekVisual blog, so stay tuned for more!
