WordPress is an extremely versatile CMS with over 50,000 free plug-ins that can be used to add functionality to your site. In this article, we will discuss the number and security of plug-ins.
Why the more plugins you have in WordPress, the greater the security risk.
More than half of WordPress hacking and tampering methods (according to our research) are due to plugin vulnerabilities.
A vulnerability is a hole in a program that allows hackers to perform unauthorized activities. These plugin vulnerabilities are discovered daily by hackers and security companies, and are often disclosed to the public as a precaution.
Examples of publicly disclosed vulnerabilities
Many hackers exploit vulnerabilities in your site using software that performs a comprehensive search of publicly available vulnerabilities.
The more plug-ins you have, the greater the probability that a vulnerability will be discovered, so it is better to avoid installing as many plug-ins as possible to improve security.
Optimal number of plugins for WordPress security
WordPress Doctor has repaired many sites that have been hacked, and while there have been many cases of sites that were unlucky enough to be hacked with only a few plugins, many of our clients have over 40 plugins installed, often with unused plugins that have not been removed. Many of our clients have over 40 plug-ins and many unused plug-ins have not been removed.
On average, we recommend that you have no more than 15 plug-ins on your WordPress site. It is best to limit the number of plug-ins to about 25 at the most.
Also, since a large number of plug-ins often slow down the site, we recommend that you remove as many unused plug-ins as possible from your site after careful examination.
Other security-critical WordPress plugins
In addition to reducing the absolute number of plug-ins installed, the following practices will further improve security.
1 Update plug-ins frequently.
If you update your plug-ins as often as possible, you can improve security by closing vulnerabilities that are discovered at the time of update.
The more frequently you update, the less likely it is that a problem will occur.
However, there is a slight risk that updating a plugin may cause problems with the site or cause damage to the site, such as broken display, due to a combination of theme features, and in some cases, we understand that the creator may prohibit plugins from being updated.
In such cases, please create a test site and test the update before adapting it to the production environment.
2 Delete any plug-ins that have been suspended immediately.
If a plugin is deactivated, it means that the site is not using the plugin program.
However, even if a plugin is deactivated, vulnerabilities can still be exploited by outside parties, so we recommend that you immediately remove any deactivated plugins.
3 Test your plugins for vulnerabilities
You can use the free WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal] to test your plugins and WordPress itself for vulnerabilities.
Plug-ins can be scanned for vulnerabilities free of charge, and we recommend that you remove or update any plug-ins that you find.