
    How to tell if a WordPress plugin is safe

    Guide
    by Billy Sunderland Partnership Executive

    There are currently 54,543 WordPress plugins, and while many of them are great additions to your website, there is always a risk of installing one that is unsafe and can damage your site. Some WordPress plugins might be made by developers with insufficient experience and be coded improperly, some might be coded in a way that conflicts with another of your plugins, and some – unfortunately – are created by a fake WordPress developer or hacker.

    Plugins can affect your site in many ways, from speed to security, and even a plugin that looks totally safe can quickly become unsafe if it isn’t monitored and updated. It can sometimes be difficult to tell whether a WordPress plugin is safe, so we have outlined some of the core warning signs to look out for.

    Poor user ratings and reviews

    It goes without saying that checking what other people’s experiences were like should be one of the first ports of call when you are trying to tell if a WordPress plugin is safe. If reviews are mostly negative, consider it a warning – the plugin probably won’t deliver what you are expecting it to.

    Number of active installs

    If a WordPress plugin is active on many sites, consider this some evidence that it is reliable. Unless it is a brand-new plugin, aim for one with around 5000 downloads.

    The dev has a bad reputation or no visible history

    Always look into the developer’s reputation. A quick Google search could bring up results warning you against trusting them. However, no news is not always good news – watch out for developers that yield no results when you search for them.

    The dev is a new owner of the plugin

    Be wary if the developer is a brand-new owner of the plugin. This combined with a lack of previous history as a developer could indicate that they have purchased it in order to inject malicious code into sites.

    The plugin hasn’t been updated recently or frequently enough

    If the plugin is old and hasn’t been updated in the last three months then, as a rule of thumb, leave it alone.

    Your Google search for the WordPress plugin yields results such as ‘not safe’

    When trying to tell if a WordPress plugin is safe, you can easily rule out any plugins that yield search results that say it is not safe. Try searching for the name of the plugin plus the words ‘hacked’, ‘compromised’, ‘unsafe’, etc. and see if anything comes up.

    Something just looks suspicious…

    If you are familiar enough with code, check to see that everything that should be there is there. If anything looks suspicious or out of place, trust your gut and don’t download!

    So there you have some basic tips on how to tell if a WordPress plugin is safe.
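    To make the installs, update-age and review checks above repeatable, here is an added example (our code, not part of the original post) that applies the post's thresholds to plugin metadata in the shape returned by the WordPress.org plugin information API; the sample records are constructed, and the rating cut-off used for "mostly negative" reviews is our assumption.

```python
"""Apply the post's warning signs to WordPress.org plugin metadata."""
from __future__ import annotations
from datetime import datetime

# Thresholds taken from the post: around 5000 installs, updated within three months.
MIN_ACTIVE_INSTALLS = 5000
MAX_DAYS_SINCE_UPDATE = 90
# Assumed cut-off for "mostly negative" reviews: the API reports `rating` as a
# percentage (0-100), so we flag anything under 60% backed by at least 5 ratings.
MIN_RATING_PERCENT = 60
MIN_RATINGS_FOR_VERDICT = 5


def parse_last_updated(value: str) -> datetime:
    """Parse the API's `last_updated` field, e.g. '2024-05-02 9:15am GMT'.

    Only the calendar date matters for a three-month rule, so the time is dropped.
    """
    return datetime.strptime(value.split(" ")[0], "%Y-%m-%d")


def check_plugin(info: dict, today: datetime) -> list[str]:
    """Return the warning signs a plugin record triggers (empty list = none)."""
    warnings: list[str] = []
    installs = info.get("active_installs", 0)
    if installs < MIN_ACTIVE_INSTALLS:
        warnings.append(f"only {installs} active installs (post suggests ~{MIN_ACTIVE_INSTALLS})")
    age_days = (today - parse_last_updated(info["last_updated"])).days
    if age_days > MAX_DAYS_SINCE_UPDATE:
        warnings.append(f"last updated {age_days} days ago (more than three months)")
    num_ratings = info.get("num_ratings", 0)
    if num_ratings >= MIN_RATINGS_FOR_VERDICT and info.get("rating", 0) < MIN_RATING_PERCENT:
        warnings.append(f"rating {info['rating']}% across {num_ratings} reviews is mostly negative")
    return warnings


# Constructed sample records using the field names of the real API:
# https://api.wordpress.org/plugins/info/1.2/?action=plugin_information&request[slug]=<slug>
SAMPLE_PLUGINS = [
    {"slug": "example-healthy", "active_installs": 200000,
     "last_updated": "2024-05-02 9:15am GMT", "rating": 94, "num_ratings": 310},
    {"slug": "example-stale", "active_installs": 800,
     "last_updated": "2023-09-01 11:05pm GMT", "rating": 40, "num_ratings": 12},
]
TODAY = datetime(2024, 6, 1)  # fixed "today" so the example is reproducible


def audit(plugins=SAMPLE_PLUGINS, today=TODAY) -> dict[str, list[str]]:
    """Map each plugin slug to the warning signs it triggers."""
    return {p["slug"]: check_plugin(p, today) for p in plugins}


if __name__ == "__main__":
    for slug, found in audit().items():
        print(slug, "->", found or ["no warning signs"])
```

    Swap the sample list for the JSON returned by the API URL in the comment to vet a real plugin; the reputation and ownership checks in the post still need a human.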

    We are a white label web development agency based in the UK. Our team of freelance developers works on emails, WordPress sites and Magento sites. Get in touch to discuss your project discreetly.