Web Design and SEO Blog

Mar201915

Caution: Plugins Are a Security Risk to Your Site

by Mira Brody in Development, Security

WordPress currently accounts for 19% of the websites out there. With this level of popularity comes great vulnerability, especially because many users rely heavily on plugins for features necessary for running their business and serving their customers. A plugin is an addition outside of the core platform that adds features — such as ecommerce, spam filters or a photo gallery — to a canned template site such as WordPress, Joomla or Drupal. It is important to understand the weaknesses of plugins and the threats they can present to your website and business and explore some possible alternatives so that you can continue to do do business online without being compromised.

The Risk of Plugins
Your site is only as secure as the code used to build it. With over 36,000 WordPress plugins on the market, there are many different strains of code, points of responsibility and potential security breeches. When you install a plugin, you are putting the functionality and security of your site in the hands of a developer you have never met. This disconnected relationship, while a cost-effective way of providing needed functionality, does not bode well for long-term online business for the following reasons:
  • If the developer vanishes and takes their plugin with them, your site now has lost that functionality.
  • Plugins are not secure; every plugin used on your site presents another point of vulnerability. 20% of the top 50 most popular WordPress plugins were open to the most common web attacks.
  • Plugins will compromise performance. Most users expect your site to load in 2 seconds or less, meaning that a slow load time will lose you visitors.
  • Your search ranking will suffer. Search engines like Google want sites to load quickly and easily to improve user experience, meaning a site weighed down by bloated plugins will slip in rankings.
As you can see, there is a lot at risk associated with relying on plugins to your template system. There are, however, other available solutions out there.

Why a Custom Option is Better

In order to make the best possible investment in your business, choose to pursue a custom built site with a developer you trust. A custom site has a single code base that only one developer has control over so there is no unknown code from a third party. With a custom site, you develop a personal relationship with a developer who has a vested interest in the success of your business and they build the code of your site from the ground up, with your needs in mind.

Although a lot of this news sounds negative, you can be confidant knowing you have a trusted partner available to help you, whether you’re ready for a custom site right now, or not. The team here at JTech has over 20 years of code base under us, and we’ve worked hard to improve and update it on a constant basis. This keeps the sites we build secure, performant and scalable. If you experienced a data breech recently, are sick of the confines of a template system and are ready to build something custom, come talk to us — we build websites at any price point. Additionally, if you are having trouble with your Wordpress site, we have the experience necessary to get all of your plugins working and get your site up and running to eliminate downtime so you can get back to work.