Why Installing Too Many Plugins Can Be A Security Disaster

As the most popular content management system on the web, WordPress is no stranger to security vulnerabilities - and as anyone who’s been following the news will tell you, there have been some downright nasty ones over the years. Thing is... it’s not usually core WordPress that puts users at risk.

It’s plugins.

One of the greatest strengths of WordPress is its diverse plugin ecosystem. Even a cursory glance at official directories will show you scores of different tools, each designed to fit a specific need. Here’s the thing about those tools - they aren’t all designed by veteran developers.

As a matter of fact, plenty of them are designed by novices or hobbyists. And while they might be perfectly capable of putting together a seamless, perfectly-architected plugin, they also make mistakes. And those mistakes frequently pertain to security.

Maybe they aren’t aware of WordPress’s coding standards, so their code is poorly structured and a bug-riddled mess. Maybe they’re trying to be fancy with their code, so they use libraries that aren’t already included with WordPress. Or maybe their testing just didn’t uncover every possible bug.

Either way, their plugin contains an avenue through which its users can be attacked.

And note that this isn’t limited to any one plugin. These issues are amplified with each plugin you install - every added component in your WordPress installation is another potential attack route. That may sound like fearmongering, but it’s not.

“Depending on which plugins you have installed, how many are active, how they are coded, and what their purpose is, a number of potential issues can arise,” writes wpmudev’s Joe Fylan. “There will be some element of risk with whatever software you decide to install.”

It isn’t just security either, of course. A site that’s bogged down with plugins can become buggy, slow to load, and incredibly resource-intensive. Basically, the lesson here is that you want to be sparing with what you pump into your site, and only use what you need.

So...How Many Is Too Many?

At this point, a lot of you are probably wondering how you can tell if you’re using too many plugins on your own site. Unfortunately, I don’t really have a hard number for you. WP Curve co-founder Dan Norris puts it somewhere in the ballpark of twenty, but honestly, there aren’t really any concrete rules. Just use what’s necessary to run your site, and don’t go beyond that.

Oh, and whatever plugins you use, make sure you always keep them up to date. That’s just basic housekeeping.

About Matthew Davis -- Matthew works as an inbound marketer and blogger for Future Hosting, a leading provider of VPS hosting. Follow Future Hosting on Twitter at @fhsales, like them on Facebook and check out their tech/hosting blog, http://www.futurehosting.com/blog.
