WordPress Has Again Closed Plugins

Last Update: December 27, 2017

You've no doubt heard here on WA about limiting your use of plugins. The standard reasoning is because using numerous plugins can reduce page load speeds. And that is correct. But that's not all of it.

The larger problem with the plugins that are used is the code that is injected into your site - and WA - due to these plugins. Don't get me wrong - WA has some of the best security around. But using bad plugins, aka code, puts your site at risk. And I don't mean just risk of looking stupid, but backdoor hacking that places your site visitors at risk as well.

Today Wordfence announced that three more plugins have been removed from the WordPress Repository. Their explanation is as follows: "The WordPress Repository has closed three plugins because they contained content-injection backdoors. “Closing” a plugin means that it is no longer available for download from the repository, and will not show up in WordPress search results. Each of them had been purchased in the previous six months as part of the same supply chain attack, with the goal of injecting SEO spam into the sites running the plugins."

The three plugins I am referring to today are Duplicate Page and Post, No Follow All External Links, and WP No External Links. By the way friends, by following the training here and utilizing other resources, you will not even need plugins to achieve what these three claim to do. And you won't jeopardize your site health.

I share this, not to be alarming, but to educate. Many here at WA are new to site design, and it's easy to see a Plugin that looks cool with all kinds of shiny bells and whistles. I have mentioned before, and will continue to emphasize, that if you are considering adding a plugin, please consider these three points prior to downloading and/or installing into your site:

1) Make sure the plugin is from a trusted author. That means someone that has written more than one plugin, and preferably a person/company who has successfully written many.

2) If the version is 1.0 or is a plugin with low number of installations and/or reviews, step away from the plate and do not swing. Why in the world would you jeopardize your site with bad code written by a newbie? More info here on good practices.

https://my.wealthyaffiliate.co...

https://my.wealthyaffiliate.co...

3) Following the instructions on the links above will make sure that you protect your sites, your hard work, and your reputation.

4) Make sure that the plugin you are considering has been tested with your current version of WordPress.

Set up a sample SiteRubix site to experiment on. It will help you with themes, plugins, and growth. Use proven plugins rather than experimenting with the unknown. Learn, grow, and succeed. That's all I got. Peace friends! :-)

Join the Discussion
Write something…
Recent messages
DianneBee Premium
Great advice! Thank you, and Happy New Year!
Reply
SurfsideBob Premium
My pleasure, Happy New Year to you as well. :-)
Reply
bpais1 Premium
The plugin, Duplicate Pages and Posts, still shows up in the "add new" area.

I use the "Duplicate Posts" plugin when I need to clone a page or post but, I only activate it when needed.

Question: Can a backdoor be initiated if a plugin is deactivated or, only when it is activated?

Jim
Reply
SurfsideBob Premium
Hi Jim,
I am not 100% certain, but from what I have read at several security sites, the backdoor code is injected when you activate and run it. So even if you deactivate the plugin, the code was already injected when you originally activated it. I would delete the plugin altogether.

WA has awesome security, and I think it would scan our sites for potential malicious code. I use Wordfence security in addition to what we have here, which is probably overkill. But I can run scans and block IPs whenever I want, so there are some features I like.

As far as duplicating a page or post, there is really no need for a plugin. With the page open, click on the Text (rather than Visual) Editor tab, then hit CTRL+A to select all, CTRL+C to copy All, and then dump it into a text doc by hitting CTRL+V. Open the page or post on whatever site you want to add it to, then use the CRTL+A, CRTL+C and CTRL+V again. The only thing you'd need to change is the media file URL.

Hope this helps! :-)
Reply
bpais1 Premium
Great explanations, Bob. As for as the Ctrl A copy/paste...I knew that...but, I guess it just didn't register in the gray matter vacuum between my ears!

Duh !!!

Thanks,

Jim
Reply
SurfsideBob Premium
You're welcome, no worries. But copying the Text Editor content (rather than Visual) will retain formatting. Peace my friend. :-)
Reply
bpais1 Premium
Understood...thanks!

Jim
Reply
Fleeky Premium
Great advice!
Plugins can be brickwalls...
Reply
SurfsideBob Premium
Yes ma'am, you are correct there. Sometimes things appear much better than they perform. Peace my friend. :-)
Reply
Fleeky Premium
Peace my friend
Reply
Cazza12 Premium
Thanks for sharing with us Bob, certainly info we really need to know.

Cheers Caz :)
Reply
SurfsideBob Premium
You're very welcome Caz, peace my friend. :-)
Reply
YourBizTips Premium
Thanks for sharing Bob. I wish you and your loved ones a Very Happy, Healthy and Successful New Year from the south of France!

John ツ
Reply
SurfsideBob Premium
My pleasure John, and thank you. Blessings for a healthy and prosperous 2018! :-)
Reply
DaveSw Premium
Some excellent advice Bob! You can't be too careful these days! Cheers! Dave : )
Reply
SurfsideBob Premium
Thanks bro! :-)
Reply
Stella2 Premium
Thanks for the heads up!
I like to keep things simple. Right now my sites have 3 plugins and 2 of those come with WA. :-)
Reply
SurfsideBob Premium
My pleasure Stella! :-)
Reply
wozzy Premium
Thanks Bob. I keep them down to a minimum.

Everybody should always adopt the "KISS" approach because trying to be flash can come back and bite you in the a###.

Not only that but when I see a website with all the bells and whistles for me it tends to make me cautious.

Mick
Reply
SurfsideBob Premium
Right on brother, wise advice. Peace Mick. :-)
Reply
wozzy Premium
Have a great new year
Reply
SurfsideBob Premium
You as well my friend! :-)
Reply
ContentBySue Premium
Important advice here, Bob! Thanks for sharing. I am grateful for posts like this and our extraordinary training here at WA.

All the best,
Sue
Reply
SurfsideBob Premium
My pleasure Sue!
Reply
JLennon Premium
Excellent advice.
Reply
SurfsideBob Premium
Thanks bro!
Reply
melpeace36 Premium
Thank you for sharing this information about plugins. I had no idea that plugins can be bad if not careful.
Reply
SurfsideBob Premium
Yes Mel, a poorly written plugin can slow down and even take down your site.
Reply
Armlemt Premium
Thank you for the information, my friend!
Reply
SurfsideBob Premium
My pleasure Miss Anita.
Reply
hirohurl Premium
Thank you for posting this news about plugins. Thankfully, I haven't been using those plugins, but I do have more than WA's recommended number of plugins on most of my sites.

So far, reducing the number of plugins has been one of the most difficult steps for me. Earlier this month I had a problem with an Adsense plugin so decided to remove it and post Google ads manually on my site. Although it takes a bit more time, I was pleased to have reduced my plugins and have more control over exactly where I post the ads on each post.
Reply
SurfsideBob Premium
You're welcome bro. I'm pretty picky about plugins, but I doubt I'll every run fewer than 5.
Reply
Cindyda1 Premium
Thanks for this information I wasn't fully aware of. Very helpful!
Reply
SurfsideBob Premium
No worries Miss Cindy, some of it was released today.
Reply
TRPEng Premium
Good advice , thanks
Reply
SurfsideBob Premium
My pleasure Trevor.
Reply
DEversley Premium
Solid advice there Bob.

Thanks for sharing.
David
Reply
SurfsideBob Premium
My pleasure David, I appreciate your experience and advice as well. Peace brother! :-)
Reply
deanlilly1 Premium
Thanks for the heads up Bob....here's to a great New Year.
Reply
SurfsideBob Premium
You as well Dean, peace my friend! :-)
Reply
verazhelvis Premium
It's good to have some sound fear (nice oxymoren, yeah?) and not to download anything you don't know about, or ask, and double ask people who know better...Which I am doing...haha..
Thanks, Bob. It's a privilege to have such knowledgeable people like you are in the community.:)
Reply
SurfsideBob Premium
Yes ma'am, you are correct! And thank you, as always, for the kind complements. Peace Miss Vera! :-)
Reply
verazhelvis Premium
Yes, sir. Whenever possible, I do both- complements and compliments...:-)
Reply
SurfsideBob Premium
And making people smile, another gift. Do what? lol :-)
Reply
verazhelvis Premium
Sure... One of my gifts which includes ability to laugh at myself, too. Life is much cooler this way.:-)
Reply
SurfsideBob Premium
Do what? Come along and laugh with a Southern Boy! haha Prayers for your happiness and success, that you realize your true potential, and that you Know how you bless others. Thank you Miss Vera! :-)
Reply
verazhelvis Premium
Awww... Thanks much... Can always use all the prayers. You stay blessed, too! And may God be constantly increasing His presence in your life.:-)
Reply
1signbanner Premium
Ok Bob will do, thanks!

Frank
Reply
SurfsideBob Premium
My pleasure Frank, peace bro! :-)
Reply
PatsyC Premium
Hi Bob, thanks for the information and leaving the names of the 'tainted' plugins.

We don't know what plugins can bring along with them when we don't check them out.

Thanks for sharing :)
Reply
SurfsideBob Premium
My pleasure Patsy! :-)
Reply
MKearns Premium
Thanks for exposing the ulterior reasons for WA shunning excessive plugins Bob!
Reply
SurfsideBob Premium
My pleasure Mike, always thankful for your input as well. Peace bro! :-)
Reply
TheOldGuy Premium
Thanks for the info!
Reply
SurfsideBob Premium
My pleasure bro! :-)
Reply
suzzziq Premium
Thanks for the share, Bob:). Good info. to know!
Blessings:)
Suzi
Reply
SurfsideBob Premium
My pleasure Suzi, you're welcome! :-)
Reply
suzzziq Premium
Quick question...if I want to delete a plugin, do I need to just deactivate it, or do I need to something to the code also? I hate messing with the code!
Reply
SurfsideBob Premium
Deactivate and then delete. I also use Updraft Plus to perform a backup when making major changes, and will publish a post on that within the next week.
Reply
suzzziq Premium
Great, thanks!
Reply
subcpo14 Premium
Bob, thanks for bringing this up and watch out for snow late this week. Happy New Years. Jay
Reply
SurfsideBob Premium
My pleasure bro, and I don't like 4-letter words like "snow." lol
Reply