If you ask me what makes WordPress special, it would be its ecosystem. WordPress is a simple-to-use content management system. You can install it within minutes. Another important part of WordPress is its plugins.
It doesn’t matter what purpose you are going to use your website for; you need to install plugins. For example, to protect against spam, you need to install at least Akismet. Or maybe install a security plugin to protect your website? Well, the truth is that without installing plugins you cannot take full advantage of what WordPress has to offer.
The above is also true for new bloggers who are starting a website. They need basic plugins to get their website up and running. However, not all plugins are made equal. Some of them are amazing, but others can cause problems for your website.
According to Wordfence, WordPress plugins are responsible for around 55.9% of security breaches. That’s a big number, and that’s why today we will list the warning signs that tell you to skip downloading a WordPress plugin. If you don’t take proper precautions, adding bad plugins can increase your overall website cost.
These tips will help you spot malicious plugins before you even think of downloading them. So, without waiting, let’s get started.
Warning Signs to Skip Downloading WordPress Plugins
1. The plugin is not from a reputable source:
One of the first things that you should take notice of is where you are downloading the plugin from. A quick Google search for “website builders plugin” can land you on hundreds of results. However, don’t just start downloading your plugin yet. Quickly check the age of the repository.
If it is too old, then it is time to skip it. One way to figure it out is by looking at the email address of the developer. Older emails generally use email services that are no longer working (for example, AOL). Other hints include a very old website design, too many ads, and so on.
We recommend using the WordPress plugin repository and CodeCanyon for downloading your plugin. They are excellent sources to start your plugin hunt.
2. The plugin hasn’t been updated in ages:
As there are multiple plugins for the same purpose, you will find that developers sooner or later stop caring about their plugin. They stop releasing patches and fixing bugs or vulnerabilities. On top of that, compatibility issues can happen if you install an old plugin.
To understand if you are downloading an old plugin, check out the “Last Updated” field. If it is more than one year ago, it is better to skip the plugin. Also, if you are downloading from the official WordPress plugin repository, it will clearly show you a message about its incompatibility.
3. Check that you are not downloading a beta plugin:
Plugin development goes through a series of steps. One step is to release plugins to the audience to test. These are termed “beta plugins.” Beta plugins are unfinished products and are just for experimental purposes. Many WordPress owners test out beta plugins to understand if they are going to be compatible with their installation when the final version comes out.
In simple words, a beta plugin is for testing purposes only. It can be heavily broken or contain vulnerabilities. Generally, it is hard to tell whether a plugin is in beta or not. To know, you need to go to the development tab or check out the release notes. Only download a beta plugin if you know what you are doing.
4. Check the developer’s reputation:
A good way to know if your plugin is good or not is to research its developer. After all, he is the person who is developing the plugin. So, what red flags should you look for in a developer? Let’s list them below.
Be warned if you see that the plugin has a new owner. This means that it has been sold off, and might not see any updates soon. Also, you have no idea about the intention of the new developer.
Do casual research on the developer’s name. If something negative comes up about him, then it is better to stay away from the plugin.
The search result returns empty. This means that the developer is not popular or hasn’t created his profile. If their official website also doesn’t turn up, it is better to look for other plugins.
5. Suspicious Code:
Another way to identify a bad plugin is to look at the code. We know it is not possible for most users to look at the code, but it is still a viable way for the ones who know about WordPress plugin development.
Try to check basic things such as the plugin file structure. You can also follow the “Plugin Development” codex at WordPress.
There is no point in installing a plugin that is not compatible with your WordPress version. To understand compatibility, you need to take a look at two fields, “Requires WordPress Version” and “Tested Up to.” The first value tells you the minimum WordPress version required for the plugin to work. The “Tested Up to” field tells you up to which WordPress version the plugin has been tested and is guaranteed to work on.
7. Bad Ratings:
Ratings tell you how good or bad the plugin is. For example, they will give you a good signal on whether the plugin is even worth downloading. If a plugin is rated below 3, it is always better to skip that plugin and look for an alternative. Plugins rated around 3.5 should be scrutinized before downloading. Try to read the reviews and understand them. For example, if you choose a website builder plugin, it is always ideal to go for a plugin with a 4+ or even higher rating. The reason is that a bad website builder plugin can mess up your website beyond recoverability.
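The last-updated, beta, compatibility and rating checks above, combined into one script as an added example (not from the original article): it parses the header of a plugin’s readme.txt, where the two compatibility fields appear as “Requires at least” and “Tested up to”, and applies the article’s thresholds. The sample readme, dates, rating and site version are constructed, and treating a pre-release “Stable tag” as a warning is an assumption of this example.

```python
import re
from datetime import date

# Constructed sample readme.txt header (not a real plugin).
SAMPLE_README = """\
=== Example Builder ===
Contributors: exampledev
Requires at least: 5.0
Tested up to: 5.8
Stable tag: 2.1.0-beta1
"""

def parse_header(readme):
    """Return the 'Key: value' header fields of a readme.txt, keys lower-cased."""
    fields = {}
    for line in readme.splitlines():
        m = re.match(r"^([A-Za-z ]+):\s*(.+)$", line)
        if m:
            fields[m.group(1).strip().lower()] = m.group(2).strip()
    return fields

def ver(s):
    """Turn '5.8' or '6.4.2' into a comparable (major, minor) tuple."""
    nums = [int(n) for n in re.findall(r"\d+", s)[:2]]
    return tuple(nums + [0] * (2 - len(nums)))

def warning_signs(readme, last_updated, rating, site_wp, today):
    """Apply the article's checks; rating is on the 5-star scale."""
    h, signs = parse_header(readme), []
    if (today - last_updated).days > 365:
        signs.append("not updated for more than one year")
    # Assumption of this example: a pre-release marker in the stable tag.
    if re.search(r"alpha|beta|-rc", h.get("stable tag", ""), re.I):
        signs.append("stable tag looks like a pre-release")
    if "requires at least" in h and ver(h["requires at least"]) > ver(site_wp):
        signs.append("requires a newer WordPress than the site runs")
    if "tested up to" in h and ver(h["tested up to"]) < ver(site_wp):
        signs.append("not tested with the site's WordPress version")
    if rating < 3:
        signs.append("rating below 3: skip")
    elif rating <= 3.5:
        signs.append("rating around 3.5: read the reviews first")
    return signs

if __name__ == "__main__":
    for s in warning_signs(SAMPLE_README, date(2021, 9, 1), 3.4,
                           "6.4.2", date(2024, 1, 15)):
        print("WARNING:", s)
```
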
Finding a good plugin is not hard. However, spotting a bad plugin is not easy. It takes experience, knowledge, and intuition to understand if a plugin is bad or not. The above tips will surely help you to skip bad plugins. So, what do you think about the above tips? Comment below and let us know.
Pawan Sahu is the founder of MarkupTrend. He is a blogger and marketing geek passionate about writing articles related to WordPress, SEO, Marketing, Web Design, and CMS etc.