Are you aware that every plugin on your WordPress website is a door into your install? It’s critical that only those plugins that are necessary for your site to run are installed.
Plugins are the prime target for hackers
Recently, Sucuri released a post about how hackers can hijack an outdated plugin and use it to compromise thousands of websites.
Keeping plugins up to date is only half the battle, as seen in that article. If someone takes hold of a plugin’s code, it doesn’t matter whether you’ve kept it up to date: you are still vulnerable. Still, many plugins fall grossly out of date from the author’s end and become unsupported over time.
Regularly auditing your installed plugins is a great way to keep a step ahead of the game.
Step by step to auditing your plugins
1. Remove all deactivated plugins. If it’s deactivated it doesn’t need to be there. If it’s a plugin you think you’ll need later on, just save a copy of it to your hard drive.
2. Make sure all plugins are up to date.
3. View the plugin details (a link will be next to the plugin on the Plugins page) to see when it was last updated. If it’s been over 2 years, consider looking for a replacement plugin.
4. Consolidate plugin functionality. If you have three plugins doing a job that one plugin can do, use that one plugin instead.
Aim to get that plugin count low and you’ll be in a good place with your WordPress install to keep it updated and secure.
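Steps 1 to 3 above can be run as a repeatable check over a plugin inventory. The script below is an added example, not part of the original post. It assumes an inventory in the JSON shape that `wp plugin list --format=json` prints (`name`, `status`, `update`), plus a hypothetical `last_updated` field copied by hand from each plugin's details view. The plugin names are constructed. Step 4 (consolidation) remains a manual judgment.

```python
import json
from datetime import date

# Constructed sample inventory. name/status/update mirror the JSON printed by
# `wp plugin list --format=json`; last_updated is an assumed extra field,
# filled in by hand from each plugin's details view (step 3).
SAMPLE_INVENTORY = json.dumps([
    {"name": "contact-form-x", "status": "active", "update": "none", "last_updated": "2024-03-10"},
    {"name": "old-slider", "status": "inactive", "update": "none", "last_updated": "2019-06-01"},
    {"name": "seo-helper", "status": "active", "update": "available", "last_updated": "2024-05-02"},
    {"name": "legacy-gallery", "status": "active", "update": "none", "last_updated": "2020-01-15"},
])

STALE_AFTER_DAYS = 2 * 365  # step 3: last update was over 2 years ago


def audit_plugins(inventory_json, today):
    """Return {plugin name: [findings]} for plugins that fail steps 1-3."""
    findings = {}
    for plugin in json.loads(inventory_json):
        issues = []
        if plugin["status"] == "inactive":
            issues.append("deactivated: remove it (step 1)")
        if plugin["update"] == "available":
            issues.append("update available: apply it (step 2)")
        last = plugin.get("last_updated")
        if not last:
            # A missing date is itself a finding, not a pass.
            issues.append("no last-updated date: check plugin details (step 3)")
        else:
            age = (today - date.fromisoformat(last)).days
            if age > STALE_AFTER_DAYS:
                issues.append(f"last updated {age} days ago: consider a replacement (step 3)")
        if issues:
            findings[plugin["name"]] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit_plugins(SAMPLE_INVENTORY, date(2024, 6, 1)).items():
        for issue in issues:
            print(f"{name}: {issue}")
```

Running the same check on a schedule and comparing the findings between runs shows when a plugin has crossed the two-year mark or been left deactivated.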