Are WordPress plugins safe

Most of us know that WordPress, Joomla and Drupal are the most used CMSs on the World Wide Web. Anyone who knows that also knows that WordPress is the most intuitive of the three. WordPress allows a user without any programming knowledge to set up a new website in a few steps, using just a template and some free plugins, and in quite a short time. However, we should be careful with the plugins we install, especially when we have no programming knowledge. Why? Because a plugin may be functionally correct and still perform unwanted actions. So… are WordPress plugins safe?

The purpose of this post is not to tell you about the most downloaded plugins, nor the top ten WordPress SEO plugins, nor the top ten image editing plugins, nor the top ten cache plugins. In fact, this post is written to help you answer these two questions:

  • Are WordPress plugins safe?

  • Is it safe to download third-party software?

Short answer: Yes

Long answer: Yes, but…

I always say that “An Open Sourcer must be honest”. Why? Because anyone can use free third-party programs but, without the necessary programming knowledge, how do you know there is no backdoor that allows an attacker to perform unwanted actions? (Well, an attacker never performs friendly actions.) Or how do you know there is no error in the application that allows exactly the same thing? In other words, how do you know WordPress plugins are safe?

Another problem is the following: do you know that there are people who live in front of their laptops, with green letters on a black screen as in the Matrix, spending their lives searching the Internet for any kind of web error in order to take advantage of it? Yes, they really exist, and they love attacking WordPress and all of the most used plugins, especially security plugins and those which use external services. The latter because that could be the most damaging and devastating attack.

Last but not least: do you know what the folder and file permission settings on your server are? A misconfiguration may allow malicious code to be written into your files, which may lead Google to think that your site is infected by a worm or a trojan.

Finally, here is a simple but useful decalogue so that your WordPress always stays safe and you can choose the best plugins as well.

  1. Keep WordPress up-to-date.
  2. Download plugins recommended by other users.
  3. Download plugins that are still under active development.
  4. Avoid plugins that carry a notice like “This plugin hasn’t been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.”
  5. Keep your plugins up-to-date.
  6. Rely only on plugins downloaded from the official WordPress plugins website.
  7. Review your security plugins.
  8. Make sure you have a backup system.
  9. Check the permission settings.
  10. Warn your Webmaster about irregularities.
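
For the permission points above (the misconfiguration paragraph and item 9), here is an added example that is not part of the original post: a shell audit that lists world-writable files and directories and a world-readable `wp-config.php`, plus a fix that clears those bits. The baseline it enforces, the function names and the sample tree built by `make_sample_site` are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Assumed baseline (not from the post): nothing under the
# WordPress root is world-writable, and wp-config.php is not readable by "other".

# Print one finding per line for the WordPress root given as $1.
audit_wp_perms() {
    local root="$1"
    # World-writable files/dirs let any local account plant or alter code.
    # Symlinks are skipped: their own mode bits are not meaningful.
    find "$root" \( -type f -o -type d \) -perm -0002 -print \
        | sed 's/^/WORLD-WRITABLE /'
    # wp-config.php holds database credentials and secret keys.
    find "$root" -maxdepth 1 -type f -name wp-config.php -perm -0004 -print \
        | sed 's/^/WORLD-READABLE-CONFIG /'
}

# Clear only the risky bits; owner and group permissions are left untouched.
fix_wp_perms() {
    local root="$1"
    find "$root" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
    if [ -f "$root/wp-config.php" ]; then
        chmod o-r "$root/wp-config.php"
    fi
}

# Build a constructed sample tree (not a real site) with three weak settings.
make_sample_site() {
    local d
    d="$(mktemp -d)"
    mkdir -p "$d/wp-content/uploads" "$d/wp-content/plugins/demo-plugin"
    echo '<?php // constructed sample' > "$d/wp-config.php"
    echo '<?php // constructed sample' > "$d/wp-content/plugins/demo-plugin/demo.php"
    chmod 755 "$d" "$d/wp-content" "$d/wp-content/plugins" \
        "$d/wp-content/plugins/demo-plugin"
    chmod 777 "$d/wp-content/uploads"                       # weak: open directory
    chmod 666 "$d/wp-content/plugins/demo-plugin/demo.php"  # weak: writable code
    chmod 644 "$d/wp-config.php"                            # weak: readable secrets
    echo "$d"
}

# Usage: ./audit.sh /path/to/wordpress   (audits only; changes nothing)
if [ $# -gt 0 ]; then
    audit_wp_perms "$1"
fi
```

Run the audit first and read the findings before calling `fix_wp_perms`, since some hosting setups rely on group permissions that this script deliberately leaves alone.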

So, are WordPress plugins safe? Yes
