3 Greatest Practices for Deciding on Safe WordPress Plugins

Like most WordPress customers, you most likely rely closely on plugins to energy a few of your web site’s most important duties. Nonetheless, it’s necessary to grasp that not all plugins are equally ‘secure’ to make use of.

Figuring out learn how to spot safe WordPress plugins is essential to minimizing vulnerabilities attackers can exploit. Thankfully, there are a number of qualities that may tip you off as to if a plugin is secure to make use of.

On this article, we’re going to stroll you thru the most effective practices for choosing safe WordPress plugins. Earlier than we get began, let’s speak about plugin vulnerabilities usually!

Why Plugins Can Make Your WordPress Website Much less Safe

While you launch a brand new WordPress web site, you utilize a ‘clear’ model of the Content material Administration System (CMS). Meaning its code hasn’t been modified in a significant means (though some hosts do make small tweaks and additions), and it needs to be secure to make use of.

The second you begin increasing on that codebase with plugins, you start so as to add potential vulnerabilities to your web site that hackers can exploit. In a means, the extra plugins you utilize, the much less safe your website turns into.

Utilizing the ‘unsuitable’ plugin could cause compatibility points, open your website as much as Structured Question Language (SQL) injections, Cross-Website Scripting (XSS), and extra. That’s not an exaggeration both – WordPress is so common that new vulnerabilities pop up each day, even inside well-regarded plugins.

Exercising sound judgment when choosing new plugins is all about minimizing these dangers. For instance, you possibly can virtually eradicate the specter of SQL injections by finishing up normal upkeep comparable to updating WordPress and your plugins. These duties shouldn’t take a lot time, and go a good distance to assist defend your web site.

3 Greatest Practices for Deciding on Safe WordPress Plugins

There are a number of indicators that may assist you possibly can spot safe WordPress plugins. Nonetheless, you additionally could wish to reduce the general variety of plugins you utilize usually. When you have any in your website that you simply don’t really need, uninstall them – it’ll assist preserve your website secure.

For conditions once you completely want to make use of a plugin, preserve the next finest practices in thoughts when choosing one.

1. Search for Plugins that Obtain Common Updates

If a chunk of software program receives common updates, that tells you its builders are actively working to take care of it. Meaning implementing new options, making modifications, and patching safety vulnerabilities.

The extra outdated a plugin is, the extra time attackers might need needed to go over its code and discover methods to interrupt into websites that use it. Maybe its requirements are deprecated. It might not even be suitable with the most recent model of WordPress:

As a rule of thumb, we don’t use plugins that haven’t obtained updates over the last six months. Should you’re navigating the WordPress Plugin Listing, you possibly can simply test when any plugin was final up to date by trying on the abstract on the precise aspect of the web page:

It’s also possible to check out every plugin’s changelog by perusing the Improvement tab, as seen above. With that info, you possibly can see a fairly clear image of how energetic the plugin’s builders are.

Understand that a number of updates don’t essentially imply the plugin you wish to use is secure. Nonetheless, so far as indicators go, it’s often a great signal – and one which’s fairly straightforward to identify.

2. Examine Out Plugin Opinions and Pay Particular Consideration to Low Scores

Most of us are already accustomed to utilizing opinions to assist us make knowledgeable buying choices. Nonetheless, it’s necessary you not solely apply this ability to choosing your subsequent smartphone but additionally once you’re contemplating which plugins to make use of.

Naturally, you wish to focus your consideration on plugins which have excessive scores. We personally favor to stay with choices which have scores of over 4 stars, which helps us weed out plugins that give customers lots of complications:

Nonetheless, excessive scores don’t inform the complete story. In lots of circumstances, you’ll run into plugins which have wonderful scores, but additionally loads of low scores. Taking a look at these detrimental opinions typically reveals the commonest issues individuals encounter when utilizing the plugin:

Let’s face it, generally individuals evaluate plugins negatively for causes that make little sense. Nonetheless, these sorts of opinions are sometimes straightforward to identify, so try to be secure exercising your judgment.

Premium plugins with their very own pages typically pose a harder problem. They won’t embrace opinions in any respect, during which case your finest guess is to search for third-party opinions utilizing a search engine.

For hottest plugins, yow will discover a minimum of some opinions on-line for those who look arduous sufficient. Should you can’t, it’d imply the plugin is just too new or too few individuals are utilizing it, which brings us to our subsequent level.

3. Keep away from Plugins With Few Energetic Installations

The less energetic customers a plugin has, the much less real-life knowledge there’s about potential points. For instance, the plugin might need a number of compatibility points or particular vulnerabilities. Till a major variety of customers set up it, there’s not sufficient info to go on relating to how safe it’s.

So far as finest practices go, this one could be a bit tough. In spite of everything, new plugins come out on a regular basis, and lots of them supply superb options. With out individuals testing them and taking small dangers, some plugins could by no means get the eye they deserve.

These are all legitimate factors, however you additionally have to take your web site’s security into consideration. To offer you an instance, for those who run a web-based retailer that brings in tons of or hundreds of {dollars} per day in gross sales, testing new plugins blindly isn’t a sound concept.

We favor to give attention to plugins which have a minimum of 1,000 energetic installs. At that time, plugins are prone to have a number of updates underneath their belt and a number of opinions. That’s greater than sufficient info so that you can determine whether or not they’re secure to make use of or not.

You may, in fact, attempt your hand with newer or lesser-known plugins, however be certain that to do it safely. Meaning all the time backing up your web site and utilizing a staging website when attainable.


Each plugin you put in in your web site represents a possible assault vector. That sounds dramatic, however each time you activate a plugin you add extra code to your web site. If the builders made a mistake or didn’t comply with safe practices, that code could make your web site extra weak to hackers.

The subsequent time you’re trying over potential plugins, preserve these finest practices in thoughts to decide on essentially the most safe choices:

  1. Search for plugins that obtain common updates.
  2. Take a look at plugin opinions and pay particular consideration to low scores.
  3. Keep away from plugins with few energetic installations.

Do you have got any questions on learn how to choose safe WordPress plugins? Let’s go over them within the feedback part under!