WordPress is an extremely versatile CMS with over 50,000 free plug-ins that can be used to add functionality to your site. In this article, we will discuss the number and security of plug-ins.

Why more WordPress plugins mean greater security risk

According to our research, more than half of the methods used to hack or tamper with WordPress sites exploit plugin vulnerabilities.
A vulnerability is a hole in a program that allows hackers to perform unauthorized activities. These plugin vulnerabilities are discovered daily by hackers and security companies, and are often disclosed to the public as a precaution.

Examples of publicly disclosed vulnerabilities

Many hackers find exploitable sites using software that checks comprehensively for publicly disclosed vulnerabilities.
The more plug-ins you have, the greater the probability that one of them contains a discovered vulnerability, so to improve security it is better to install as few plug-ins as possible.

Optimal number of plugins for WordPress security

WordPress Doctor has repaired many hacked sites. Some were unlucky enough to be hacked with only a few plugins installed, but many of our clients have over 40 plugins, often including unused plugins that were never removed.

On average, we recommend that you have no more than 15 plug-ins on your WordPress site, and that you limit the number to about 25 at the most.
Also, since a large number of plug-ins often slow down the site, we recommend that you remove as many unused plug-ins as possible from your site after careful examination.

Other security-critical practices for WordPress plugins

In addition to reducing the absolute number of plug-ins installed, the following practices will further improve security.

1 Update plug-ins frequently.
Updating your plug-ins as often as possible improves security, because each update closes the vulnerabilities that had been discovered by the time it was released.

The more frequently you update, the less likely it is that a problem will occur.
However, there is a slight risk that updating a plugin will cause problems on the site, such as a broken display, because of how it interacts with theme features. We also understand that in some cases the site's creator may prohibit plugin updates.

In such cases, please create a test site and test the update there before applying it to the production environment.

2 Immediately delete any plug-ins that have been deactivated.
If a plugin is deactivated, the site is no longer using that plugin's program.
However, the vulnerabilities of a deactivated plugin can still be exploited by outside parties, so we recommend that you remove deactivated plugins immediately.

3 Test your plugins for vulnerabilities
You can use the free WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal] to test your plugins and WordPress itself for vulnerabilities.

Plug-ins can be scanned for vulnerabilities free of charge, and we recommend that you remove or update any vulnerable plug-ins the scan finds.
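
The count limits and the update and deletion practices above can also be checked from the command line. The script below is an added example, not WordPress Doctor's own tooling: it assumes WP-CLI is installed, and the function name `audit_plugins` and the sample plug-in names are made up for illustration.

```shell
#!/bin/sh
# Added example: audit WP-CLI plug-in output against the article's guidance.
# Input on stdin is the CSV produced by:
#   wp plugin list --fields=name,status,update --format=csv
# The thresholds 15 and 25 are the article's figures.

audit_plugins() {  # hypothetical helper name
    awk -F',' -v rec=15 -v max=25 '
        BEGIN { total = 0 }
        NR == 1 { next }                              # skip the CSV header row
        $2 == "must-use" || $2 == "dropin" { next }   # not ordinary installed plug-ins
        {
            total++
            if ($2 == "inactive")
                print "DELETE  " $1 " (inactive, files still on disk)"
            else if ($3 == "available")
                print "UPDATE  " $1 " (update available)"
        }
        END {
            if (total > max)      verdict = "over the " max " maximum"
            else if (total > rec) verdict = "above the recommended " rec
            else                  verdict = "within the recommended " rec
            print "COUNT   " total " plug-ins installed, " verdict
        }
    '
}

# Constructed sample data (plug-in names are made up) so the script runs offline.
SAMPLE_CSV='name,status,update
contact-form-example,active,none
old-gallery-example,inactive,available
seo-example,active,available
cache-example,inactive,none
loader-example,must-use,none'

printf '%s\n' "$SAMPLE_CSV" | audit_plugins

# On a real site, run from the WordPress root directory:
#   wp plugin list --fields=name,status,update --format=csv | audit_plugins
```

Inactive plug-ins are reported for deletion rather than update, following practice 2.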