topofmind.tv

Why can’t I add WordPress plugins?

There are a number of reasons not to have a ton of plugins installed on your WordPress website:

  • It can bog down your site. Every page load has to “run” every plugin, so the more plugins you have installed, the slower your site will load.
  • Plugins are not always compatible with each other or with our theme. Our theme was built by developer A, one plugin was built by developer B, and another plugin was built by developer C, all working completely independently of one another. So there is no guarantee whatsoever that their code will work together.
  • And the #1 reason not to have a ton of plugins on our WordPress server is described below: there is basically no code control at all. If a malicious hacker/developer wants to build a cool plugin that also creates a sneaky way for him/her to access your entire WordPress database, there is basically nothing stopping them. So if one of our users wants a new plugin installed, we have no idea whether it was made by a hacker who just wants to steal all of our website databases. And the 3 plugins named below are “reputable” plugins that people have been using for a long time. This is a very serious and very scary issue, and it is the reason Top of Mind rarely adds third-party plugins to our sites.

6/22/2011 – On June 22nd, the WordPress team reported suspicious commits to several of their popular plugins (AddThis, WPtouch, and W3 Total Cache) which contained cleverly disguised PHP backdoors. A PHP backdoor could allow someone to gain unauthorized access to your website through maliciously crafted PHP code. As a precautionary security measure, WordPress has decided to force-reset all passwords on WordPress.org while they investigate the root cause. See http://www.WordPress.org for more information.