How many WordPress plugins are just too many?

It is very common for us as a WordPress development firm to take over existing sites, and some of the most frequent questions we receive from new clients are related to plugins: “how many WP plugins should they keep in our site ?  how many are just too many? Is the site safe or vulnerable? scalable? Some people seem to be addicted to plugins. They enjoy finding the right plugin to solve a particular need. With more than 50,000 free plugins in the Plugin Directory alone, it’s easy to feel the thrill of trying them all, but what kind of result, can an excessive plugin addiction cause to your site?

  1. It is not always about quantity but quality: Each plugin is different and some could be poorly coded, outdated or use more resources than needed. This can affect the site in many ways (security, performance, load time, among others)
  2. Not all WP plugins are safe to install: Wp critics often say that WordPress is not  a safe platform, but the truth is that, like with any other CMS, WP is as safe as the component developers install. Yes, there are many plugins  with  serious vulnerability problems, and those may affect the site greatly. In particular, stay away from plugins that do not offer regular updates, or have reported vulnerabilities in the past. Read the reviews, before adding to your site, and test that the site works properly after activation.
  3. Compatibility Issues: Some plugins with outdated versions or not tested with the  current WordPress version, may affect greatly with anomalous functions. It is key to  test that each plug is compatible with the theme and WP code.
  4. Load time & Performance: There are plugins that may affect site’s performance. Some plugins may add  extra Javascript/jquery code impacting the site speed while backend plugins may effects the site by overloading with too many database calls and queries. Plugins that require querying large amount of data should be carefully vetted and tested on a regular basis.

In sum, there is is not really any exact number of plugins that may be too much for a site. You just have to make sure you are using just the tools you need, choosing effective plugins those will help rather than adding a  burden for your web site . If you notice that the site is slowing down, that would be a clear red flag that something is not ok, and plugins would be one of the first place to look for the solution.

WP security

WordPress 4.2. Is it safer?

Security breaches to WP have been for the most part related to plugins. However, this week a Finnish researcher has disclosed some details on a zero-day vulnerability he discovered in the WordPress 4.2 and earlier core engine that could lead to remote code execution on the webserver.

The vulnerability, present in WordPress version 4.2 and below,  could allow an attacker to inject JavaScript in the WordPress comment field.  The comment has to be at least 66,000 characters long and it will be triggered when the comment is viewed.  This data is truncated as it is written to the database, breaking safety checks that are supposed to filter out malicious code when the comment is displayed to visitors. Accroding to the researcher: “During this time all WordPress servers using default comment settings have been quite easily hackable,” he said. “Now it turns out they still didn’t get it right. It looks like the risk for WordPress users may be smaller and patches faster with full disclosure.”  On Monday, the company issued a “critical” security update, WordPress 4.2.1.

April has been an intense month with updates launching weekly to patch vulnerabilites found on some of the most popular WP plugins. If is key to keep up with update to reduce risks of an attack. Also keep a solid daily backup and restore platform in place.

If you have any questions on how to patch this issue or other WP related security questions please contact us to review your site.