A lot of times, as I clean up hacked sites, I see a lot of plugins that haven’t been developed or updated in years, beyond even 2 years (many even in the 6-10 year range). This is truly concerning, as this is a matter of security for your WordPress site.

What makes a WordPress plugin old?

It’s not necessarily an ‘old’ plugin, but a plugin that possibly has outdated software. The rule of thumb in vetting good plugins is that the plugin has to have been updated within the last 2 years; otherwise you should consider removing it and replacing it with a plugin that is similar but actively being developed. This is because code such as PHP, JavaScript, or jQuery could become vulnerable to malware injections, bot attacks, and hacking if not kept up-to-date.

When it comes to securing a site, making sure the website runs the most up-to-date version of WordPress and of its plugins is important. Themes too. However, outdated plugins can become vulnerable or no longer be compatible with the most current version of WordPress. In that case, you have a few choices:

  1. Have (pay) a web developer update the outdated plugin(s)
  2. Seek out and choose a plugin with similar features that is actively being developed, and compatible with the most current version of WordPress. This may require time to install, configure, and even add information into it.
  3. Contact the original plugin developer and hope for a miracle.

Why you should keep your plugins up-to-date

You are required to keep all scripts on your website up-to-date. This is something most web hosts have in their terms of service, and you can be suspended or terminated for not doing so. Also, Google can label your site as hacked in the SERPs, blacklist you, or dock you (malware red screen) for having a site that’s not secure. Having a secure website is actually part of Google’s Quality Guidelines (aka Webmaster Guidelines).

Sure, as a website owner, you’re discovering that there’s more to maintaining a website. Sure, it’s frustrating when dealing with parts of your website that won’t work, but there’s a solution – update your website and change out the incompatible plugins with ones that are compatible. It will take time, and for some who don’t want to fool with it, most likely cost some money. However, it’s your website, and if you’re not ensuring that it’s safe, you’re not giving your website visitors a safe experience.

How to Make Sure Your Old WordPress Plugins are Secure And Compatible

So, how do you check to see if a plugin is old, and what do you do with it?

  1. Go to the Installed Plugins section of your WordPress admin area.
  2. Go down the list and click ‘View details’ on each listing. This will only be available for plugins that are in the WordPress.org plugin directory.
  3. A window will pop up. Look for the Last Updated date and the Compatible Up to version.

If your plugin was last updated under 2 years ago, you shouldn’t worry, unless your website has some error. If the plugin was last updated over 2 years ago, you should consider eventually changing it out for a plugin that has similar features. You don’t HAVE to do this, but eventually some older plugins stop working, or could become vulnerable to malware, so it may be in your best interest to change it.

For plugins that don’t have a ‘View details’ link, you will need to find the developer’s website and ask them. Some plugins are linked to their sales pages, and you can find out what the latest version is from their changelog. If the developer’s site no longer exists, then you may want to remove the plugin.
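
The same check, scripted for a site with many plugins, as an added example (not code from the original post): it applies the 2-year rule and the Compatible Up to comparison to data shaped like the `last_updated` and `tested` fields of the WordPress.org plugin information API. The plugin slugs, sample responses, WordPress version and date are constructed, and the function names are hypothetical.

```python
import re
from datetime import date, datetime

MAX_AGE_DAYS = 2 * 365  # the 2-year rule of thumb described above

# Constructed sample data (hypothetical slugs), shaped like responses from
# https://api.wordpress.org/plugins/info/1.2/?action=plugin_information&request[slug]=<slug>
SAMPLE_RESPONSES = {
    "fresh-forms": {"last_updated": "2024-03-02 7:15pm GMT", "tested": "6.5"},
    "old-slider": {"last_updated": "2016-08-20 1:02am GMT", "tested": "4.6.1"},
    "lagging-seo": {"last_updated": "2023-01-10 10:40am GMT", "tested": "6.1.1"},
    "premium-gallery": {"error": "Plugin not found."},  # not in the directory
}

def major_minor(version):
    """Reduce '6.4.3' to (6, 4) so patch releases do not cause false flags."""
    nums = [int(n) for n in re.findall(r"\d+", version)[:2]]
    return tuple(nums + [0] * (2 - len(nums)))

def audit_plugin(info, wp_version, today):
    """Return a list of findings for one plugin; an empty list means no concerns."""
    if "error" in info or "last_updated" not in info:
        return ["not in WordPress.org directory: check the developer's changelog"]
    findings = []
    updated = datetime.strptime(info["last_updated"].split()[0], "%Y-%m-%d").date()
    if (today - updated).days > MAX_AGE_DAYS:
        findings.append(f"last updated {updated}, over 2 years ago")
    if major_minor(info.get("tested", "0")) < major_minor(wp_version):
        findings.append(f"tested only up to WordPress {info.get('tested')}")
    return findings

def audit_site(responses, wp_version, today):
    """Map each plugin slug to its findings, skipping plugins with none."""
    report = {}
    for slug, info in responses.items():
        findings = audit_plugin(info, wp_version, today)
        if findings:
            report[slug] = findings
    return report

if __name__ == "__main__":
    # Fixed date and version so the constructed samples give stable results.
    for slug, findings in audit_site(SAMPLE_RESPONSES, "6.5", date(2024, 6, 1)).items():
        print(slug, "->", "; ".join(findings))
```

A plugin missing from the directory is reported for manual follow-up rather than treated as safe, which matches the advice above to check the developer's changelog.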

How to check if an old plugin is compatible?

This is usually easier to check for. If you’re running plugins older than 2 years, and your site is sluggish, has errors, or isn’t working as you expect it to, then you may want to troubleshoot to see if the old plugin is at fault. To troubleshoot, disable or deactivate all plugins, and then activate them one-by-one. As you do that, check to see if the unexpected actions (ex: error, site broken) come back. The plugin that triggers the unexpected action when you activate it may be the culprit.

Don’t have time to check your plugins? Feel free to ask one of our infection cleanup specialists during your infection cleanup service. We’ll be more than happy to help.