How Hoarding Plugins Impacts Site Negatively
Hoarding Plugins Impacts Site: When a particular plugin or theme isn’t working for your site anymore, the common thing to do, is to just look for another. Doing so without deleting the old one, however, can have disastrous consequences for your WordPress site and in this post, we are going to discuss exactly how.
Hoarding of plugins is not like compulsive hoarding which is a disorder where people acquire excessive objects but are unable to discard them. Hoarding of plugins is not a disorder. There are reasons why site owners hoard plugins. Before jumping into the discussion, let’s take a step back to understand why some people end up hoarding plugins and themes.
Hoarders Have Their Reasons:
1. They Like to Try New Services
If you own a WordPress site, then you’d agree that there is a natural tendency to trying out plugins and themes. When a particular plugin or theme isn’t working or see a new one that captures your attention for your site anymore, you move to a different one. Doing so without deleting the old one leads to pilling up themes and plugins.
2. They Keep Older Plugins & Themes As a Safety Net
Another reason site-owners keep unused add-ons (especially themes) after they switch to new ones, is so they can change back to the previous one easily, in case the need arises (e.g. if they don’t like the new look, or if the new plugin/theme crashes the site). This practice, however, opens up a vicious cycle– the more you have to sort out, the less likely you’re going to.
3. They Find it Difficult to Sort Out So Many Plugins & Themes
When your site has a number of plugins and themes, it is simple enough to install a new add-on and deactivate the one you’re replacing. The job is much easier than looking for all the unused add-ons and deleting them, especially when you already have a huge list to wade through.
Most of the time hoarders don’t realize that they are becoming a plugin hoarder. But if the habit were to negatively impact them, then it’s a reason for concern, and their hoarding habit should be deliberately curbed. Let’s take a look at what happens when you pile on plugins and themes on your WordPress site.
How Hoarding Plugins Impacts Site Negatively:
Let’s take a look at each one of these to understand how exactly they impact the website.
1. Too Many Plugins Equals Too Many Problems
Sometimes, when you install a plugin on your site, it adds custom tables to your WordPress database, depending on their functionality. While this isn’t an issue by itself, uninstalling the said plugin becomes more complex. This is because deactivating the plugin, won’t remove the custom table, in fact, you can’t remove them (i.e. the tables on your database) unless you delete the plugin completely. This happens in the case of a number of plugins that have to make instrumental changes to your site, such as WooCommerce, WordFence, NinjaFirewall, etc. Having these tables on your site when you no longer use the plugins, increases the size of your database unnecessarily, and may even cause it to crash.
2. More Add-Ons Make a Slower Site
Using too many themes and plugins are known to make your site slower. Every time someone opens a page of your site, your website server has to run all the active plugins. This bogs down the system. Think of WordPress as a human being capable of performing numerous activities. If a man had to do 10 things together within a limited span of time, he’d get tired and eventually slow down by the end of the day. Likewise, your WordPress site slows down when it has to run multiple plugins at simultaneously.
This is why WordPress recommends regular ‘housekeeping’, which involves checking for newer, better functioning plugins and themes suited to your site, and only using them. And, also delete the plugins that you no longer require. Not just uninstall but completely delete them.
3. Unused Add-Ons Threaten Your Site’s Security
Site-owners, however, don’t necessarily care about updating unused add-ons. Add-ons on your site (whether active or not), will develop vulnerabilities. When they aren’t updated, they could be the doorway to a hack simply because they are on your site. This is because their PHP files are still accessible to hacker-bots, which crawl the web for vulnerabilities. As a result, your site is easily hacked when these bots come across outdated or exploitable PHP files on your site.
Way to a Clutter-Free Website:
1. Automating Updates on Your Site
A seemingly simple way to mitigate this risk is to automate your updates, for all plugins and themes (whether active or not). This action would help you save on time, but has one caveat: not all plugin and theme updates are compatible and could cause your site to crash. The way out, in this scenario, is to have a reliable backup solution that you can use to restore your site in case this happens, and then to update the unused plugins and themes one by one. Or you can test the updates on a Staging site before making changes to the live site.
Identifying the unused plugins that need updates is simple enough when they’re singular items, but when a vulnerable script or a plugin is embedded into a theme, things become a lot more complex. Updating the theme sometimes won’t update the plugin embedded in it, and so you’ll still be vulnerable to an attack. This is what happened to a lot of WordPress sites that used themes which came bundled with the RevSlider and TimThumb plugins/scripts. In these cases, the scripts were exploited by hackers, who used them to gain access to sites’ servers and carry out attacks such as Remote File Inclusion, Local File Inclusion, and Arbitrary Code Execution. Hackers could even plant malicious code that will give them access to these sites, even after the plugin/theme has been updated.
This is why the most diligent solution, would be to delete a plugin or a theme as soon as you find a suitable replacement for it.
2. Deleting Add-Ons
Most of the time, deactivated plugins allow you to delete them once deactivated. It’s the same with themes too. Here’s how you can delete a plugin or a theme:
Visit the ‘installed plugins’ page from the WordPress dashboard of your site.
It’ll take you to a page where all your plugins are listed. If you have deactivated plugins, they’ll appear under the option ‘inactive.’
Click on it, and it’ll take to another page from where you can delete the inactive plugins. But before hitting the ‘inactive’ button, we suggest you make sure that you won’t require that particular plugin in near-future.
If you can’t uninstall or delete plugins this way, however, you will have to:
- Check the ‘Details’ readme file that contains instructions on how to properly uninstall it
- Deactivate the plugin and remove it manually through your FTP client (e.g. FileZilla). Using an Accurate Malware Scanner like MalCare.
Hackers these days have numerous reasons to hack a site. The truth is that any site can be hacked, even if you follow these steps. Hackers keep finding more and more ingenious ways to exploit your site’s resources. While the above steps are what you should take as a WordPress site owner to thwart attacks by hardening your site’s security, it’s of utmost importance that will detect malicious code at the first instance, and won’t raise false alarms.
Sufia is a WordPress enthusiast, and enjoys sharing their experience with fellow enthusiasts. On the MalCare blog, Sufia distils the wisdom gained from building plugins to solve security issues that admins face.