Brad Litwin 21 December 2018
Categories Technology

Five Tips To Help You Avoid Malicious WordPress Plugins And Themes

WordPress’s plugins and themes are among the most powerful things about the platform - easy to use and easy to install, they can transform your website into just about anything you could possibly imagine. Unfortunately, there are plenty of people out there looking to use this functionality for nefarious purposes - here’s how to spot and avoid them.

All told, WordPress is a remarkably secure platform. Were it not, I doubt it would have achieved the level of market penetration it has. Of course, that probably has as much to do with its plugin ecosystem as anything else.

WordPress’s greatest strength, and its greatest weakness.

There exists a dizzyingly diverse selection of plugins and themes on the web - tools that can transform your website into just about anything you could possibly imagine. As you might expect, there are also plenty of unsavory characters angling to abuse this fact - to trick unsuspecting webmasters into downloading malicious software and compromising their website.

Here’s how to spot (and avoid) them.

1. Be Careful Where You Download From

There are plenty of reputable, trustworthy plugin repositories and theme marketplaces on the web, but there are also a ton of shady back alley websites loaded with all sorts of nasty stuff. Sites like the WordPress Marketplace and ThemeForest - as well as the websites of reputable, well-known developers - are usually safe. But if you had to spend several hours on Google to find a particular repository?

There’s probably a very good reason it was so hard to find.

2. Look At The Reviews

What are people saying about the plugin or theme on the web? What about the developer of that plugin or theme? Generally speaking, if someone is a peddler of malware, it doesn’t take long for people to call them out for it. And when someone gets a reputation like that, it becomes very difficult for them to shed it.

A little bit of due diligence here can go a very long way. A quick Google search on a developer’s name, a quick look through the reviews on the repository, a quick glance at other plugins they’ve developed... you get the idea. Do note that some repositories make it impossible to post negative reviews - if possible, look at multiple sources in the course of your research.

3. Read The Documentation

How well-supported is the plugin or theme? Are there changelogs for each update? Is there extensive documentation on how to use its various features and functions? Is the developer active on their support forum?

A quality plugin or theme offers more than just functionality. It’s maintained by a developer who actually cares about offering their users something of value. A lack of documentation or support could indicate that the dev doesn’t care - or it could indicate that they’re peddling malware.

4. Do A Bit Of Historical Research

It’s also important to look at a plugin/theme’s history. How many total downloads does it have? How many active installations are there? Is it being distributed by someone you know isn’t the original developer?

5. Ultimately, Just Use Your Best Judgement

Are you stoked about finding a premium plugin or theme for free? Before you get too excited, you’d best ask yourself what the person peddling that software has to gain by doing so. Because you can bet they aren’t doing this entirely out of the kindness of their heart.

Generally speaking, if someone claims to be offering a paid-for, full-featured premium plugin or theme at no cost, walk away. There’s a good chance their version is laden with malware, or at the very least contains a backdoor that’ll allow them to freely exploit your website.
