Avoiding plugin security nightmares

One of the fantastic things about WordPress and the wider ecosystem that surrounds it is the way you can extend your WordPress site to do cool stuff using plugins.

The official WordPress plugin repository has tens of thousands of options for adding functionality to your site, many of which are terrifically useful. However, choosing the wrong plugin can have devastating consequences on your site.

Some of the problems that a dodgy plugin can cause include:

If this leaves you feeling a bit paranoid about your use of plugins – GOOD! Plugins are not something that should be considered lightly.

Here are some questions to think about when mulling over whether using a particular plugin is a good idea:

Obviously there are often exceptions to all the above – but these basic questions are a good place to start.

An additional key point is to always keep your plugins up to date. Make sure that when updates come out, you apply them to ensure that any security holes the developers have identified get closed as soon as possible.

For more detailed assessments of a plugin’s trustworthiness, head over to dxw’s security site. Every time the team audits a plugin for a client, the outcomes are published, ready for you to search and make use of. Obviously not every plugin ever made will be in the database, but a lot of the common ones are, and a quick check could save you a lot of time and, potentially, stress.

All the sites dxw build and host are subject to this kind of scrutiny to ensure that they and the plugins they rely on are secure. We can also provide this assurance work for other clients, where we don’t host the site. Interested? Drop us a line.

Our very own Duncan Stuart gave a talk in April to the London WordPress group on the topic of WordPress security, which goes into some detail when it comes to plugins. Here’s the video so you can glory in its excellence.

For the completists amongst you, you can also download a PDF of Duncan’s slides.

Any questions about plugin security? Ask away in the comments!