What are unsafe WordPress plugins?

Feb 13, 2023

WordPress is a widely used content management system that powers over 40% of all websites on the internet. One of the reasons for its popularity is the availability of plugins, which extend the functionality of WordPress sites. However, not all plugins are created equal, and some pose a significant security risk. In this article, we will discuss unsafe WordPress plugins and what website owners can do to protect their sites.


What are unsafe WordPress plugins?

Unsafe WordPress plugins are those that have vulnerabilities that can be exploited by attackers to compromise the security of the website. This can happen for several reasons, such as coding errors, outdated software libraries, or poor development practices. Attackers can use these vulnerabilities to gain unauthorized access to the website, steal sensitive data, inject malicious code, or even take control of the site.


Examples of unsafe WordPress plugins

Some of the most common types of unsafe WordPress plugins include:


  1. Outdated plugins: These are plugins that have not been updated for a long time and may have known security vulnerabilities that have never been patched.
  2. Nulled plugins: These are pirated versions of premium plugins that have been modified to remove licensing and copyright protection. They often contain malware or other malicious code that can harm the website.
  3. Plugins with poor coding practices: These are plugins that have not been developed with security in mind, for example by trusting user input without validation, and may contain vulnerabilities that can be exploited by attackers.
  4. Plugins with too many features: These are plugins that offer a lot of functionality but also carry a lot of code, and more code means a larger attack surface and more potential vulnerabilities.
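To make "poor coding practices" concrete, here is an added example that is not code from the original post: a hypothetical plugin form handler that saves a note into a custom `{prefix}notes` table (the table, the `note_save` action name and the `manage_options` capability are assumptions for the illustration). The first handler shows the classic mistakes; the second shows the same feature written the way WordPress core expects, using only standard WordPress functions.

```php
<?php
/*
 * Hypothetical plugin code for illustration. The "notes" table and the
 * action names are assumptions; the WordPress functions used are real.
 */

/* --- Insecure handler: the mistakes an unsafe plugin typically makes --- */

function insecure_note_save() {
    global $wpdb;
    // No capability check: any logged-in user (even a subscriber) who
    // posts to admin-post.php can reach an admin_post_* hook.
    // No nonce check: a forged cross-site request is accepted.
    $note = $_POST['note'];
    // Raw input concatenated into SQL (SQL injection).
    $wpdb->query( "INSERT INTO {$wpdb->prefix}notes (body) VALUES ('$note')" );
    // Raw input echoed back unescaped (reflected cross-site scripting).
    echo 'Saved: ' . $note;
}
add_action( 'admin_post_insecure_note_save', 'insecure_note_save' );

/* --- Hardened handler: same feature, defensive by default --- */

function secure_note_save() {
    global $wpdb;

    // 1. Authorisation: only users allowed to manage the site may save notes.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }

    // 2. CSRF protection: verifies the nonce emitted by wp_nonce_field()
    //    and stops the request if it is missing or stale.
    check_admin_referer( 'note_save' );

    // 3. Input validation and sanitisation before the data is used anywhere.
    $note = isset( $_POST['note'] )
        ? sanitize_text_field( wp_unslash( $_POST['note'] ) )
        : '';
    if ( '' === $note || strlen( $note ) > 500 ) {
        wp_die( 'Invalid note', '', array( 'response' => 400 ) );
    }

    // 4. Parameterised write: $wpdb->insert() builds the statement with
    //    placeholders, so the note is never interpreted as SQL.
    $wpdb->insert(
        $wpdb->prefix . 'notes',
        array( 'body' => $note ),
        array( '%s' )
    );

    // 5. Redirect instead of echoing user input; the success message is
    //    rendered on the admin page from a fixed string, not from $_POST.
    wp_safe_redirect(
        add_query_arg( 'note_saved', '1', admin_url( 'admin.php?page=notes' ) )
    );
    exit;
}
add_action( 'admin_post_secure_note_save', 'secure_note_save' );

/* Form that submits to the hardened handler, carrying the matching nonce. */
function secure_note_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="secure_note_save">';
    wp_nonce_field( 'note_save' );
    echo '<input type="text" name="note" maxlength="500">';
    echo '<button type="submit">Save</button>';
    echo '</form>';
    // Any value displayed back to the user is escaped for its context.
    if ( isset( $_GET['note_saved'] ) ) {
        echo '<p>' . esc_html( 'Note saved.' ) . '</p>';
    }
}
```

When you read a plugin's reviews or skim its source before installing it, these five points (capability check, nonce check, input sanitisation, prepared database access, output escaping) are exactly what separates a plugin written "with security in mind" from one that was not.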


How to protect your website from unsafe WordPress plugins

To protect your website from unsafe WordPress plugins, you should follow these best practices:


  1. Only install plugins from trusted sources: Always download plugins from reputable sources, such as the WordPress plugin repository or the official website of the plugin developer.

    *** NB!!

    However, and this is also very important: ALWAYS check the reviews of a plugin before installing it on your site. That a plugin is on the WP repo does not mean it will not crash your site to kingdom come! Too many one-star reviews are a definite red flag. Read them, and if too many literally say “It crashed my site”, be aware that this might be exactly what it will do. Too simple, right? But if you feel that this is the perfect plugin and it fits your needs 100%, then ok, but proceed with caution: take a backup with a trusted site backup plugin such as https://wordpress.org/plugins/all-in-one-wp-migration/ before you install.   NB!! ***

  2. Keep plugins updated: Make sure to keep all your plugins updated to their latest version, which often includes security patches and bug fixes, but be sure to always perform a backup of your site before doing so.
  3. Use security plugins: Install security plugins that can scan your website for vulnerabilities, block malicious traffic, and protect against attacks.
  4. Perform regular backups: Back up your website regularly, so you can restore it in case of a security breach or other issues.
  5. Use strong passwords: Use strong passwords that are difficult to guess and enable two-factor authentication to add an extra layer of security.
The vast majority of plugins on the WP repo are 100% reliable, but unsafe WordPress plugins do exist and can pose a significant risk to the security of your website. To protect your site, it is essential to only install plugins from trusted sources, always check the reviews, keep them updated, use security plugins, perform regular backups, and use strong passwords. By following these best practices, you can ensure that your WordPress site remains secure and protected from potential threats.