Security question: How nervous should I be about installing plugins?

13 replies
I've heard that plugins can be hacked, which makes me a bit nervous about installing them. What are your thoughts on this? Should I keep the number of plugins to a minimum? Is there any way to know which plugins are secure?

Also, I don't know how to code. Should I periodically hire a professional to examine my plugins for potential security flaws? (If so, how much should I expect to pay for this?) Any tips?
  • Sven300
    Do not install plugins that you do not need.

    Do a little research before installing a plugin.

    Use the following tools:

    http://wpvulndb.com/plugins

    https://wordpress.org/plugins/p3-profiler/

    Good luck!

    P.S. Do not be too anxious. The risk is not so big if you are careful.
  • Gari
    Yes, plugins can be hacked... and your themes too. I don't know how to code either. So, my strategy is simple. I always read a lot of reviews about a plugin before deciding to install it. Good luck!
    • rameshji
      Yes, it is possible. You are right. If you install a plugin, you have to choose the best company and then choose their plugin. It will help you.
  • Markets
    Just remember this: always update them and only use trusted plugins.
  • Mark Singletary
    One of the big issues is ensuring that the plugins you install are regularly updated and compatible with the version of WP you are using. In other words, don't install plugins that haven't been updated in several months.

    Many of the commercial plugins that you may get through the WF or similar type marketers, are never or rarely updated and support is lacking. There are exceptions but this forum is full of stories where this has happened to them.

    Plugins that you get from the WP repository have gone through some basic security checking before being put on there.

    Don't let the fear paralyze you or slow you down. Learn a little about security (strong passwords, security plugins, etc.), install updated plugins after you read reviews, install only those things you need, keep them and WP updated after installation, do regular backups of your important stuff and go make some money.

    Mark
  • Brent Stangel
    Should I keep the number of plugins to a minimum?
    Only what you absolutely need. It's not just security, but all your plugins are competing for the same resources. The more you add the greater the chance for conflicts.
  • Jason Kanigan
    You're worrying about something that is simply not worth the trouble. Especially if that worry is keeping you from moving forward.

    WordPress has a repository and plugins are checked. Use up-to-date ones as others have said.

    Two of my sites (out of ??? I've owned since say 2010?) have been hacked. One was through a well-known contact plugin, through which they somehow sent a ton of emails from my site in a very short time. The second was a full-blown takeover that took a few days to clean up by a professional firm. Haven't had any trouble in the past two years, probably thanks to Wordfence.

    Some risk comes with every choice. Best to get on with it...be smart, but accept that it's part of doing business. You own a car...there's a risk somebody's going to break into it.
  • sbucciarel
    I've been using plugins for many years and never been hacked via a plugin. That isn't to say that it can't happen, but a little prevention can go a long way. I use several security plugins on my sites and only buy plugins that are updated regularly, and keep my WordPress installations updated as well. Worrying about it too much will just set you back. Keep backups of your sites and you will have no problem restoring them if someone hacks them.
  • MisterMister
    I remember when I first used WordPress back in 2008-2009. I used an AdSense plugin to add AdSense to my blog, and I was getting a lot of visits but no clicks on my AdSense page. I was checking, and then I found out the guy who made the Easy AdSense plugin was stealing clicks: he was putting his AdSense code where mine was and getting the ad revenue.

    It was messed up.
  • Rahul Singh0
    Frankly, any web application can be hacked. You should avoid using WordPress if you are serious about security.
    Key points: it's a CMS which is open source, so anybody can audit it. Not only plugins; from time to time there are security advisories on WordPress core too.

    Fear not. Always use a firewall (web application firewall) and always check the logs from your cPanel. If you see something suspicious, stay on alert.

    No, you can't stop it at all, but you can save your traffic and data if you know it's happening.
  • Yes, it can make your blog and hosting very vulnerable. Quite a few products have been released to help combat that. One of the more recent ones is WPShield. I've installed it on all my blogs and have found it very easy to use and very thorough in what it does. From memory, Chris Hitman is the seller of that product. His customer service is very good too, and the product seems to be constantly updated, which is very important.

    Hope that helps.

    Regards

    Colleen
    • JohnMcCabe
      I've always operated with a few rules...

      1. Keep plugins to a minimum. If I can accomplish what I want by adding a function or tweaking a theme template, I'll skip the plugin. Better security, and often a quicker site - as Brent said, all those plugins are competing for the same resources.

      2. Take security measures. Things like skipping the one-click install, using unique user names and passwords for databases, using good passwords for access and changing them periodically.

      3. Only use plugins that are maintained, and rarely venture outside the WP repository.

      4. If I stop using a plugin or theme, delete it. It can't cause trouble if it isn't on your server.

      Since adopting these rules, I've had no problems with hackers. Not that I couldn't be if someone wanted to work hard enough, but it's the same philosophy behind locking your doors with deadbolts. Yes, a thief could get in, but most of them will look for easier pickings.
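One way to turn these rules (and Mark Singletary's "not updated in several months" test) into a repeatable check, as an added example that is not from this thread or any poster: it assumes an inventory in the shape WP-CLI's `wp plugin list --format=json` produces, a constructed set of last-updated dates, and a 180-day staleness threshold.

```python
"""Plugin-hygiene audit over a WordPress plugin inventory (added example).

Constructed sample data, not a real site: rows shaped like the output of
`wp plugin list --format=json` (name/status/update/version) plus a
last-updated date per plugin as shown on its wordpress.org page. Rules from
the thread: delete what you don't use, keep the rest updated, distrust stale.
"""
from datetime import date, timedelta

STALE_AFTER = timedelta(days=180)   # "several months"; threshold is an assumption
REFERENCE_DAY = date(2016, 3, 1)    # "today" for the sample run; constructed

# Constructed inventory; field names follow WP-CLI's `wp plugin list`.
INVENTORY = [
    {"name": "contact-widget", "status": "active", "update": "available", "version": "1.4"},
    {"name": "old-gallery", "status": "inactive", "update": "none", "version": "0.9"},
    {"name": "cache-helper", "status": "active", "update": "none", "version": "3.2"},
    {"name": "seo-pack", "status": "active", "update": "none", "version": "2.0"},
]
# Constructed "last updated by the author" dates; a missing entry means
# the plugin is not in the repository, so nobody can vouch for it.
LAST_UPDATED = {
    "contact-widget": date(2016, 1, 20),
    "old-gallery": date(2013, 5, 2),
    "cache-helper": date(2015, 6, 1),
}


def audit(inventory, last_updated, today, stale_after=STALE_AFTER):
    """Sort plugins into buckets: delete, update, stale, unknown."""
    findings = {"delete": [], "update": [], "stale": [], "unknown": []}
    for p in inventory:
        name = p["name"]
        if p["status"] == "inactive":
            # Installed but unused: attack surface with no benefit, so delete it.
            findings["delete"].append(name)
            continue
        if p["update"] == "available":
            findings["update"].append(name)
        updated = last_updated.get(name)
        if updated is None:
            findings["unknown"].append(name)
        elif today - updated > stale_after:
            findings["stale"].append(name)
    return findings


if __name__ == "__main__":
    for bucket, names in audit(INVENTORY, LAST_UPDATED, REFERENCE_DAY).items():
        print(f"{bucket:8} {', '.join(names) or '-'}")
```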
  • Randall Magwood
    Before you install a new plugin, make sure you back up your entire WordPress database first. The last thing you want is a destroyed blog/site all because of a faulty plugin - or a "kink" in the process.