WordPress Has Again Closed Plugins
You've no doubt heard here on WA about limiting your use of plugins. The standard reasoning is because using numerous plugins can reduce page load speeds. And that is correct. But that's not all of it.
The larger problem with the plugins that are used is the code that is injected into your site - and WA - due to these plugins. Don't get me wrong - WA has some of the best security around. But using bad plugins, aka code, puts your site at risk. And I don't mean just risk of looking stupid, but backdoor hacking that places your site visitors at risk as well.
Today Wordfence announced that three more plugins have been removed from the WordPress Repository. Their explanation is as follows: "The WordPress Repository has closed three plugins because they contained content-injection backdoors. “Closing” a plugin means that it is no longer available for download from the repository, and will not show up in WordPress search results. Each of them had been purchased in the previous six months as part of the same supply chain attack, with the goal of injecting SEO spam into the sites running the plugins."
The three plugins I am referring to today are Duplicate Page and Post, No Follow All External Links, and WP No External Links. By the way friends, by following the training here and utilizing other resources, you will not even need plugins to achieve what these three claim to do. And you won't jeopardize your site health.
I share this, not to be alarming, but to educate. Many here at WA are new to site design, and it's easy to see a Plugin that looks cool with all kinds of shiny bells and whistles. I have mentioned before, and will continue to emphasize, that if you are considering adding a plugin, please consider these three points prior to downloading and/or installing into your site:
1) Make sure the plugin is from a trusted author. That means someone that has written more than one plugin, and preferably a person/company who has successfully written many.
2) If the version is 1.0 or is a plugin with low number of installations and/or reviews, step away from the plate and do not swing. Why in the world would you jeopardize your site with bad code written by a newbie? More info here on good practices.
3) Following the instructions on the links above will make sure that you protect your sites, your hard work, and your reputation.
4) Make sure that the plugin you are considering has been tested with your current version of WordPress.
Set up a sample SiteRubix site to experiment on. It will help you with themes, plugins, and growth. Use proven plugins rather than experimenting with the unknown. Learn, grow, and succeed. That's all I got. Peace friends! :-)