Brad Litwin 21 December 2018

Five Tips To Help You Avoid Malicious WordPress Plugins And Themes

WordPress’s plugins and themes are one of the most powerful things about the platform - easy to use and easy to install, they can transform your website into just about anything you could possibly imagine. Unfortunately, there are plenty of people out there looking to use this functionality for nefarious purposes - here’s how to spot and avoid them.

All told, WordPress is a remarkably secure platform. Were it not, I doubt it would have achieved the level of market penetration it has. Of course, that probably has as much to do with its plugin ecosystem as anything else.

WordPress’s greatest strength, and its greatest weakness.

There exists a dizzyingly diverse selection of plugins and themes on the web. Tools that can transform your website into just about anything you could possibly imagine. As you might expect, there are also plenty of unsavory characters angling to abuse this fact - to trick unsuspecting webmasters into downloading malicious software and compromising their website.

Here’s how to spot (and avoid) them.

1. Be Careful Where You Download From

There are plenty of reputable, trustworthy plugin repositories and theme marketplaces on the web, but there are also a ton of shady back alley websites loaded with all sorts of nasty stuff. Sites like the WordPress Marketplace and ThemeForest - as well as the websites of reputable, well-known developers - are usually safe. But if you had to spend several hours on Google to find a particular repository?

There’s probably a very good reason it was so hard to find.

2. Look At The Reviews

What are people saying about the plugin or theme on the web? What about the developer of that plugin or theme? Generally speaking, if someone is a peddler of malware, it doesn’t take long for people to call them out for it. And when someone gets a reputation like that, it becomes very difficult for them to shed it.

A little bit of due diligence here can go a very long way. A quick Google search on a developer’s name, a quick look through the reviews on the repository, a quick glance at other plugins they’ve developed - you get the idea. Do note that some repositories make it impossible to post negative reviews - if possible, look at multiple sources in the course of your research.

3. Read The Documentation

How well-supported is the plugin or theme? Are there changelogs for each update? Is there extensive documentation on how to use its various features and functions? Is the developer active on their support forum?

A quality plugin or theme offers more than just functionality. It’s maintained by a developer who actually cares about offering their users something of value. A lack of documentation or support could indicate that the dev doesn’t care - or it could indicate that they’re peddling malware.

4. Do A Bit Of Historical Research

It’s also important to look at a plugin/theme’s history. How many total downloads does it have? How many active installations are there? Is it being distributed by someone you know isn’t the original developer?
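The checks from tips 2 to 4 can be run over a plugin's published metadata before anything is installed. The script below is an added example, not part of the original article: the field names follow the JSON returned by the WordPress.org plugin-information API, while the thresholds and both sample records are constructed assumptions.

```python
from datetime import date

# Thresholds are illustrative assumptions, not values from the article.
MIN_ACTIVE_INSTALLS = 1000
MIN_RATINGS = 20
MIN_RATING_PCT = 70            # WordPress.org reports ratings on a 0-100 scale
MAX_DAYS_SINCE_UPDATE = 365
MIN_SUPPORT_RESOLVED = 0.5     # share of support threads marked resolved

def vet_plugin(info, today):
    """Return a list of warnings for one plugin-information record."""
    warnings = []
    if info.get("active_installs", 0) < MIN_ACTIVE_INSTALLS:
        warnings.append("few active installations")
    if info.get("num_ratings", 0) < MIN_RATINGS:
        warnings.append("too few reviews to judge")
    elif info.get("rating", 0) < MIN_RATING_PCT:
        warnings.append("poor average rating")
    # last_updated looks like "2018-11-02 9:12pm GMT"; only the date part is used.
    try:
        updated = date.fromisoformat(info.get("last_updated", "")[:10])
    except ValueError:
        warnings.append("no update date published")
    else:
        if (today - updated).days > MAX_DAYS_SINCE_UPDATE:
            warnings.append("not updated in over a year")
    if not info.get("sections", {}).get("changelog", "").strip():
        warnings.append("no changelog")
    threads = info.get("support_threads", 0)
    if threads and info.get("support_threads_resolved", 0) / threads < MIN_SUPPORT_RESOLVED:
        warnings.append("most support threads unresolved")
    return warnings

# Constructed sample records (not real plugins).
WELL_KEPT = {
    "active_installs": 40000, "num_ratings": 310, "rating": 92,
    "last_updated": "2018-11-02 9:12pm GMT",
    "sections": {"changelog": "<h4>2.3.1</h4><ul><li>Fixed form nonce check</li></ul>"},
    "support_threads": 25, "support_threads_resolved": 21,
}
NEGLECTED = {
    "active_installs": 200, "num_ratings": 3, "rating": 100,
    "last_updated": "2016-04-10 1:05am GMT",
    "sections": {"description": "Premium slider, free download"},
    "support_threads": 8, "support_threads_resolved": 1,
}

if __name__ == "__main__":
    for name, record in (("well-kept", WELL_KEPT), ("neglected", NEGLECTED)):
        print(name, vet_plugin(record, date(2018, 12, 21)) or "no warnings")
```

A clean result only means the listing looks maintained; it says nothing about a copy of the plugin obtained from somewhere other than that listing.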

5. Ultimately, Just Use Your Best Judgement

Are you stoked about finding a premium plugin or theme for free? Before you get too excited, you’d best ask yourself what the person peddling that software has to gain by doing so. Because you can bet they aren’t doing this entirely out of the kindness of their heart.

Generally speaking, if someone claims to be offering a paid-for, full-featured premium plugin or theme at no cost, walk away. There’s a good chance their version is laden with malware, or at the very least contains a backdoor that’ll allow them to freely exploit your website.
