The consequences of plugins that do not get updated by their authors
WordPress was conceived as an open source platform. That means that you can download and install the application for free. Complementing this is the work done by plugin and theme developers (authors) who also make their products available as free downloads. Such free downloads include contact forms, site security, backups, galleries and hundreds more.
Once a plugin is placed on the WordPress.org repository, its author also tries to respond to support requests. The plugin has to be updated with each new version of WordPress in order to remain compatible. This entails a huge amount of time and effort.
What do plugin authors ask for in return? A donation or a good review.
The plugin environment today
There are an untold number of plugin authors who continue to offer their products free and continue to update and support them. Authors also offer premium versions of their plugins for a fee with extra features and excellent support.
Plugins that have not been updated by their authors for 2, 3, 4 or more years are considered “abandoned.” Because they still remain available on the repository (I believe this is something that WordPress should reconsider doing), site owners and developers often install them on their sites.
The problem? Abandoned plugins often have vulnerabilities which leave sites open to hackers.
Review this list of abandoned plugins
Wordfence compiled this list of abandoned plugins that have vulnerabilities and make your site less secure. If you use a plugin on this list, you should go to the WordPress Plugin Repository and search for a similar one and install it. Be sure to deactivate and delete the abandoned one.
Note: I have reviewed the list and there is not a plugin that I see that I installed on any of my clients’ sites. However, if you are maintaining your site and have installed plugins, review the list and remove any that are abandoned.
It is important to frequently review your plugins. Sometimes it is hard to remember which ones you have updated and not updated. Look at the plugin details and if a plugin has not been updated in 2 years, consider replacing it.
3 things to look for when selecting plugins
When I search for plugins, there are 3 pieces of information I look for:
- How many installs – I want to see 1,000 plus. If the plugin serves an unusual function there may be fewer installs.
- What is the rating – how many stars? I look for 3.5 to 5 star ratings.
- When was it last updated – I’ll go out as far as one year, but I would need to keep an eye on that plugin to make sure it is updated in the near future.
All these items are required in order for me to select and install a plugin.
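The two-year abandonment rule and the three selection criteria above can be applied to a whole plugin list at once. The following Python sketch is an added example, not code from this article or from Wordfence; it assumes each record carries `last_updated`, `active_installs` and `rating` (on a 0-100 scale) in the style of the WordPress.org plugin information API, and the sample records are constructed.

```python
from datetime import date

# Thresholds taken from the article.
ABANDONED_DAYS = 2 * 365  # not updated in 2+ years: treat as abandoned
MAX_AGE_DAYS = 365        # "I'll go out as far as one year"
MIN_INSTALLS = 1000       # "1,000 plus"
MIN_STARS = 3.5           # "3.5 to 5 star ratings"


def last_updated(info):
    """Parse the date part of a value such as '2023-11-07 5:32pm GMT'."""
    return date.fromisoformat(info["last_updated"].split()[0])


def review_plugin(info, today):
    """Return (verdict, reasons) for one plugin metadata record."""
    age_days = (today - last_updated(info)).days
    stars = info["rating"] / 20  # assumption: 0-100 scale maps to 0-5 stars
    reasons = []
    if age_days > MAX_AGE_DAYS:
        reasons.append(f"last updated {age_days} days ago")
    if info["active_installs"] < MIN_INSTALLS:
        reasons.append(f"only {info['active_installs']} installs")
    if stars < MIN_STARS:
        reasons.append(f"rated {stars:.1f} stars")
    if age_days >= ABANDONED_DAYS:
        return "replace", reasons  # abandoned: find a maintained alternative
    return ("review", reasons) if reasons else ("ok", reasons)


def audit(records, today):
    """Map each plugin slug to its verdict."""
    return {r["slug"]: review_plugin(r, today)[0] for r in records}


# Constructed sample records; slugs and values are made up for illustration.
SAMPLE = [
    {"slug": "example-forms", "last_updated": "2024-03-02 9:15am GMT",
     "active_installs": 40000, "rating": 92},
    {"slug": "example-gallery", "last_updated": "2023-01-20 4:01pm GMT",
     "active_installs": 700, "rating": 88},
    {"slug": "example-backup", "last_updated": "2019-06-11 11:40am GMT",
     "active_installs": 5000, "rating": 64},
]

if __name__ == "__main__":
    today = date(2024, 6, 1)  # fixed date so the output is reproducible
    for rec in SAMPLE:
        verdict, reasons = review_plugin(rec, today)
        print(f"{rec['slug']:16} {verdict:8} {'; '.join(reasons)}")
```

A "review" verdict is a prompt to look closer rather than to delete: as noted above, a plugin with an unusual function may legitimately have fewer installs.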
Learn more about abandoned plugins at Wordfence.
If there are any questions about abandoned plugins, please contact me.
Now press on!