Brad Litwin 21 December 2018
Categories Technology

Five Tips To Help You Avoid Malicious WordPress Plugins And Themes

WordPress’s plugins and themes are one of the most powerful things about the platform - easy to use and easy to install, they can transform your website into just about anything you could possibly imagine. Unfortunately, there are plenty of people out there looking to use this functionality for nefarious purposes - here’s how to spot and avoid them.

All told, WordPress is a remarkably secure platform. Were it not, I doubt it would have achieved the level of market penetration it has. Of course, that probably has as much to do with its plugin ecosystem as anything else.

WordPress’s greatest strength, and its greatest weakness.

There exists a dizzyingly diverse selection of plugins and themes on the web. Tools that can transform your website into just about anything you could possibly imagine. As you might expect, there are also plenty of unsavory characters angling to abuse this fact - to trick unsuspecting webmasters into downloading malicious software and compromising their website.

Here’s how to spot (and avoid) them.

1. Be Careful Where You Download From

There are plenty of reputable, trustworthy plugin repositories and theme marketplaces on the web, but there are also a ton of shady back alley websites loaded with all sorts of nasty stuff. Sites like the WordPress Marketplace and ThemeForest - as well as the websites of reputable, well-known developers - are usually safe. But if you had to spend several hours on Google to find a particular repository?

There’s probably a very good reason it was so hard to find.

2. Look At The Reviews

What are people saying about the plugin or theme on the web? What about the developer of that plugin or theme? Generally speaking, if someone is a peddler of malware, it doesn’t take long for people to call them out for it. And when someone gets a reputation like that, it becomes very difficult for them to shed it.

A little bit of due diligence here can go a very long way. A quick Google search on a developer’s name, a quick look through the reviews on the repository, a quick glance at other plugins they’ve developed - you get the idea. Do note that some repositories make it impossible to post negative reviews - if possible, look at multiple sources in the course of your research.

3. Read The Documentation

How well-supported is the plugin or theme? Are there changelogs for each update? Extensive documentation on how to use its various features and functions? Is the developer active on their support forum?

A quality plugin or theme offers more than just functionality. It’s maintained by a developer who actually cares about offering their users something of value. A lack of documentation or support could indicate that the dev doesn’t care - or it could indicate that they’re peddling malware.

4. Do A Bit Of Historical Research

It’s also important to look at a plugin/theme’s history. How many total downloads does it have? How many active installations are there? Is it being distributed by someone you know isn’t the original developer?

5. Ultimately, Just Use Your Best Judgement

Are you stoked about finding a premium plugin or theme for free? Before you get too excited, you’d best ask yourself what the person peddling that software has to gain by doing so. Because you can bet they aren’t doing this entirely out of the kindness of their heart.

Generally speaking, if someone claims to be offering a paid-for, full-featured premium plugin or theme at no cost, walk away. There’s a good chance their version is laden with malware, or at the very least contains a backdoor that’ll allow them to freely exploit your website.
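As a technical complement to these tips, here is an added example (not part of the original article) of a pre-install check that scans a plugin or theme archive for common signs of obfuscated or injected PHP. The indicator patterns, the size limit and the `demo-plugin` sample archive are assumptions made for illustration, and the sample's encoded string is just `echo 1;`.

```python
import io
import re
import zipfile

# Heuristic indicators (assumed for this example, not exhaustive).
INDICATORS = {
    "eval-of-decoded-data": re.compile(
        rb"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "request-driven-exec": re.compile(
        rb"(eval|assert|system|passthru|shell_exec)\s*\([^;]*\$_(GET|POST|REQUEST|COOKIE)", re.I),
    "long-base64-literal": re.compile(rb"['\"][A-Za-z0-9+/=]{200,}['\"]"),
}
PHP_EXT = (".php", ".phtml", ".inc")
MAX_BYTES = 5 * 1024 * 1024  # do not unpack huge members (zip-bomb guard)

def scan_plugin_zip(data: bytes):
    """Return sorted (path, indicator) findings for a plugin/theme archive."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name, lower = info.filename, info.filename.lower()
            if info.file_size > MAX_BYTES:
                findings.append((name, "oversized-file-not-scanned"))
                continue
            body = zf.read(info)
            is_php = lower.endswith(PHP_EXT)
            # PHP hidden behind a non-PHP extension is itself a warning sign.
            if not is_php and b"<?php" in body:
                findings.append((name, "php-in-non-php-file"))
            if is_php or b"<?php" in body:
                findings += [(name, label) for label, rx in INDICATORS.items()
                             if rx.search(body)]
    return sorted(findings)

def build_sample_zip() -> bytes:
    """Constructed sample archive; the base64 string decodes to `echo 1;`."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("demo-plugin/demo-plugin.php",
                    "<?php\n/* Plugin Name: Demo */\nadd_action('init', 'demo_init');\n")
        zf.writestr("demo-plugin/inc/license.php",
                    '<?php eval(base64_decode("ZWNobyAxOw=="));')
        zf.writestr("demo-plugin/assets/logo.png", "<?php /* not an image */ ?>")
    return buf.getvalue()

if __name__ == "__main__":
    for path, label in scan_plugin_zip(build_sample_zip()):
        print(f"{label:28} {path}")
```

An empty result only means none of these heuristics matched; it does not show that an archive is safe, so it belongs alongside the source and reputation checks above rather than in place of them.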
