When WordPress plugins go bad

Sep 8, 2021 | Web Design Blog, Blog


When we’re building a WordPress website we like to use plugins. Plugins allow us to add specific functionality to a website that wouldn’t be available in a stock WordPress install.

We use plugins for contact forms, disabling comments and really exciting stuff like SMTP authentication, which helps improve email deliverability from the website. Many plugins advertise ‘…easiest, most effective plugin available’, or ‘#1 WordPress plugin for such and such’. Sometimes this may be the case, but there are some plugins that really shouldn’t be used or even trusted.

Reliable plugin sold and ruined by new developer

At Portal we used a simple, reliable and free WordPress plugin for GDPR compliance on all of our clients’ websites. However, it was recently bought by a larger plugin company, which changed it for the worse: it went from a nice, simple, easy-to-configure plugin to something that required a monthly fee, was awkward to set up and was limited in functionality. We obviously didn’t want to charge our hosted clients unnecessarily out of the blue, so we spent 2 full days removing it and adding a new GDPR plugin on every single one of our sites. When we say 2 days, we aren’t exaggerating: we mean 2 full days of removing a plugin because they changed it for the worse.

Broken, out of date plugins

When browsing through the plugins available on WordPress, it is important to check that they have been updated and work with the recent version of WordPress. For one of our clients we had a plugin that created a rather slick flip book of any PDF. However, it hasn’t been updated since November 2020, meaning that it isn’t compatible with the latest version of WordPress, rendering it broken and pretty much useless.

This was also a premium plugin bought from a reputable software website and can oddly enough still be purchased. The comments and reviews show that the plugin looks to be abandoned. Thankfully we have found an alternative which does almost exactly the same as the paid plugin if not better.

Code exploit in latest plugin version

We use SMTP (Simple Mail Transfer Protocol) plugins on all of our websites. An SMTP plugin allows you to configure and send all outgoing emails via an SMTP server, preventing your emails from going into the junk/spam folder of the recipients. Like a good website management and hosting company, we like to keep our WordPress plugins up to date. However, the latest update for this particular plugin had an exploit in it which allowed people to create users and then redirect the site to somewhere else. This is the opposite of leaving a plugin to go out of date, as the exploit came in an update. This is the only time this has happened; it was caught quickly by the community and the plugin was patched.
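A follow-up check for the kind of incident described above, as an added example that is not from the original post or from any plugin vendor: it flags accounts registered since a plugin update and URL options that no longer point at the site. It assumes the user list was exported with WP-CLI; the sample users, hostnames and update time are constructed.

```python
import json
from datetime import datetime
from urllib.parse import urlparse

# Constructed sample, in the shape produced by:
#   wp user list --fields=ID,user_login,roles,user_registered --format=json
SAMPLE_USERS = json.dumps([
    {"ID": 1, "user_login": "site-owner", "roles": "administrator",
     "user_registered": "2019-03-02 09:15:00"},
    {"ID": 7, "user_login": "editor-jane", "roles": "editor",
     "user_registered": "2021-02-11 14:02:31"},
    {"ID": 19, "user_login": "wpsupport01", "roles": "administrator",
     "user_registered": "2021-08-30 03:41:07"},
])
# Constructed sample: values of `wp option get siteurl` and `wp option get home`
SAMPLE_OPTIONS = {"siteurl": "https://example.com",
                  "home": "https://redirect.example.net"}
TIME_FORMAT = "%Y-%m-%d %H:%M:%S"

def audit(users_json, options, expected_host, updated_at, known_logins):
    """Return (severity, message) findings for changes since a plugin update."""
    cutoff = datetime.strptime(updated_at, TIME_FORMAT)
    findings = []
    for user in json.loads(users_json):
        registered = datetime.strptime(user["user_registered"], TIME_FORMAT)
        roles = [r.strip() for r in user["roles"].split(",") if r.strip()]
        # An account nobody on the team recognises, created after the update
        if registered >= cutoff and user["user_login"] not in known_logins:
            severity = "high" if "administrator" in roles else "review"
            findings.append((severity, f"user {user['user_login']} ({user['roles']}) "
                                       f"registered {user['user_registered']}"))
    # A changed siteurl or home value sends visitors to another host
    for name in ("siteurl", "home"):
        host = urlparse(options.get(name, "")).hostname
        if host != expected_host:
            findings.append(("high", f"option {name} points to {host}"))
    return findings

if __name__ == "__main__":
    for severity, message in audit(SAMPLE_USERS, SAMPLE_OPTIONS, "example.com",
                                   "2021-08-29 00:00:00",
                                   {"site-owner", "editor-jane"}):
        print(f"[{severity}] {message}")
```
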

If you have read this blog and are unsure if you know what the best plugins for your site are or are looking to have your site improved or updated, then please get in touch with us here.

If you are looking to grow your online presence through your website or your social media, please get in touch here and one of our creative team will be able to help.
