Mind Your WordPress Plug-Ins!

wpWordPress is an extremely powerful and robust CMS (Content Management System). Between this fact, and its relative ease of use, it’s no surprise that WordPress (affectionately known as, ‘WP’) is also the most commonly used CMS on the web. As while it is, as mentioned, quite powerful with loads of functionality built in, there exist literally thousands of plug-ins one can install that provide for even more features.

A quick Google search can clue you in to some of the more commonly used or important WordPress plug-ins, but that sort of list is not what we are here to discuss. Rather it is my aim to impart upon you that attentive management of one’s plug-ins is a key component in making sure your website behaves properly, and even remains secure.

Sense of Security

So the first lesson is to make sure, when working with plug-ins, that you keep them up to date. And if you’re finished using a plug-in that served a temporary purpose, ideally get rid of it after use. It is strongly advised that if you use WordPress as your CMS, do an audit of your plug-ins from time to time, as some can be exploitable and you should be keenly aware of what is on your website. Plug-ins that have not been updated in over a year, for instance, could be suspect.

A simple example of this is a default WordPress feature called XML-RPC. This allows an application to initiate multiple commands from a single request. And this has allowed some savvy malicious folks to more efficiently attempt brute force attacks (since brute force basically means trying every possible credential combination until the correct one is landed upon). So what to do? It’s generally recommended that this feature be disabled if not in use, and for most website owners and WordPress users, it is not. And more importantly, stay up to date on which WordPress plug-ins may increase securities vulnerability.

If At First You Don’t Succeed, At Least It Wasn’t Live

Another issue about which one must be cognizant is when a plug-in makes a website not function properly. This would never happen in a perfect world, but again, thousands of third party plug-ins exist, many of them wonderful. But sometimes they don’t jive with the rest of your site.

The solution here is something most web developers (like Curotec) do by default, which is to install plug-ins and run tests in a stage environment. That way if a plug-in somehow “breaks” your website, it hasn’t actually gone live on your site proper, and thus you can catch any such errors or incompatibilities before they can actually affect your live site. Only after a rigorous testing (ideally) on this stage environment can you be confident in moving those updates into production.

A Serial Killer

The final thing I want to mention pertains to the process of migrating the domain from the aforementioned stage URL to the production URL (the live site). Often, people get snagged by database serialization. This has to do with how structured data is stored in WordPress’s database. When a website URL exists within those data structures, and WordPress does a standard, “find and replace,” of that data, it can sometimes “break” some of the objects within that database. The solution to this is to re-serialize that data and, surprise surprise, there are third party plug-ins which can do this for you.

Knowledge is Power

Of course this is not a comprehensive analysis of the potential interaction of WordPress and all of the available plug-ins. But the take away here is to pay attention. Always know what is on your website, and be aware of how your useful and helpful plug-ins may affect your site both in the short term and long term.

By being vigilant in regards to your WordPress plug-ins, and by updating to test environments for some quality assurance style testing, you can significantly reduce potential problems relating to both your website’s functioning properly, and its security. If you are unsure about any of this, and could benefit from some guidance in minding your plug-ins, or course you can reach out to us and we will assist.

WordPress, along with its many available plug-ins, comprise a truly amazing tool which powers the majority of sites on the web. But as with any tool, being knowledgeable and practiced in your handling of it can make all the difference in the world. And if we can help you learn more about how to use your tools safely and effectively, well then we’ve done our job.