WordPress Plugins: Insecure Backdoors
General Guidelines for Plugin Maintenance on WordPress Websites
HighPower Data Solutions has a web service (WPMU) designed specifically for companies who need secure, well-monitored WordPress hosting. We offer a complete Concierge Service so our customers don’t have to worry about WordPress security or WordPress plugins, which are often related.

Here is some recent news from the WPMU DEV newsletter:
Fact 1: “According to a source, 90% of vulnerabilities on the WordPress platform originate from outdated plugins, and 6% come from outdated themes.”
Fact 2: “There are roughly 59,208 free WordPress plugins currently available in the directory.”
Fact 3: “About 7% of WordPress websites are still running WordPress 4.9 or earlier.”
Given these facts, it’s clear that maintaining plugins and keeping WordPress up to date is critical for the security and performance of your website. Here are some general guidelines with actionable items to manage your plugins effectively:
Regularly Update Plugins and Themes
Action Items:
- Set a Schedule: Establish a regular schedule for checking and updating plugins and themes. Weekly or bi-weekly checks are recommended.
- Automate Updates: Use automatic updates for trusted plugins and themes.
- Backup First: Always perform a full site backup before updating plugins or themes to insure against data loss.
Review and Audit Plugins
Action Items:
- Audit Regularly: Periodically review all installed plugins and deactivate or remove any no longer in use.
- Check Plugin Reputation: Before installing a new plugin, check its reviews, ratings, and the number of active installations to ensure it is reliable and well-supported.
- Security Focused: Prioritize plugins that are regularly updated and have a good track record of addressing security vulnerabilities.
Limit Plugin Usage
Action Items:
- Essential Only: Install only the plugins that are essential for your site’s functionality to reduce potential security risks and improve performance.
- Consolidate Functions: If possible, use multipurpose plugins that handle several functions, reducing the number of individual plugins.
Update WordPress Core
Action Items:
- Stay Current: Always update to the latest version of WordPress to benefit from security patches and new features.
- Test Updates: Test major updates on a staging site before applying them to your live site to ensure compatibility with existing plugins and themes.
- Monitor Version: Regularly check your WordPress version and update as soon as a new version is released.
Monitor for Vulnerabilities
Action Items:
- Security Plugins: Use security plugins like Wordfence, Sucuri, or iThemes Security to monitor for vulnerabilities and unauthorized changes.
- Subscribe to Alerts: Subscribe to security newsletters and alerts to stay informed about new vulnerabilities and updates.
- Regular Scans: Conduct regular security scans to detect and address vulnerabilities promptly.
Contact HighPower-Design.com to subscribe to our WordPress Maintenance Plan
• We will monitor all of your plugins, and WP Core to insure your site doesn’t become vulnerable to security hacks.
Conclusion
Maintaining plugins and keeping your WordPress site updated are crucial steps to insuring the security and performance. By following these guidelines and implementing the action items, you can significantly reduce the risk of vulnerabilities and keep your site running smoothly.