Plugins and Themes – Which should I choose?
So far in this series, we have looked into the importance of updating the main WordPress installation and how to go about doing it. As much as we’d love to say that your website is now completely secure, there is still more work to be done. This involves looking at the plugins and themes that can be installed and used within your website.
Plugins and themes can offer completely new looks for your WordPress website and powerful tools such as social media and forum add-ons too. Ultimately, they allow you to make your website look better and contain more advanced features without you needing to be a technical genius and create them from scratch. Great right? Usually the answer is indeed yes. However, with so many plugins and themes widely and freely available for you to use, how do you know which ones can be trusted and which can’t?
The main thing to remember here is that your website will only ever be as secure as the most insecure plugin or theme that you install. You might have just installed an awesome new plugin which has allowed you to start selling your new product range directly via your website or shows your family photo slideshow with lots of special effects. But what is to say that the publisher has not included a secret backdoor within the plugin that allows them to access, copy and make changes to your “secure” website files?
If a particular plugin or theme is insecure then this allows a weakness through which people can exploit your website. This means that your website will then be exposed to the same risks as discussed in our first post of this series (viruses, malware, phishing, spamming etc.).
Therefore, we would highly recommend that you follow our guidelines below before installing any form of third party plugin or theme:
- Download directly from the WordPress website
You will generally find that the plugins and themes which are offered are more secure as they have been vetted by the WordPress community
- Read the reviews
Look through any reviews within the WordPress website but also via your search engine of choice. Be sure to look out for any reports that suggest that the plugin is buggy or insecure.
- Research the publisher
Investigate the party who developed and released the plugin to see whether they have a history of releasing quality products.
- Check the version and frequency of updates
Make sure that you are installing the latest version of the plugin. It’s also worth checking how frequently updates for the plugin have been released and when the last one was to make sure that you are going to be using an actively supported product
- Read the notes and setup instructions
Most plugins will come with a .txt file containing information about any vulnerabilities or compatibility issues so this is always worth a quick read. Be sure to follow any included setup instructions as sometimes additional steps are required to ensure that everything is secure.
- Consider using an exploit scanner or theme checker plugin
There are a number of plugins available that will scan your website, other plugins and/or themes for potential exploits and compromises. Just be sure to do your research before installing to ensure that they are as genuine as they seem.
- If you aren’t sure about it, don’t install it
Is it really worth compromising your security for that fancy new plugin?
So by now, your main website and any associated plugins should be far more secure than they were previously. Congratulations on making it this far but there are a few additional things that you can do to make things even better which we will discuss in our next and final post of this series.