In the world of WordPress websites, plugins allow you to quickly and easily add functionality to your website. Virtually all WordPress sites will have at least one plugin active.
Before we go too far, let’s take a step back and talk about the difference between plugins, themes, and WordPress itself.
WordPress is a content management system (CMS). All of the basic functionality of the website is built into WordPress: the ability to add themes and plugins and have them work, support for different users, and so on. WordPress has to be installed on your web server in order to use its plugins and themes.
The theme is the styling and layout of the pages. Themes usually determine things like color scheme, where your logo goes, what kind of navigation menu your site has, or whether a page has a sidebar. Themes can contain templates, which are usually different layout types for pages. For example, you might have a specific template within a theme for the home page or a portfolio. Most themes do not have functionality built into them (in fact, there was a concerted effort a few years ago to get all functionality out of themes so if you wanted to change themes you wouldn’t lose your functionality).
Plugins add functionality. It could be something big and complex like a shopping cart or event management or membership. Or, it could be something simpler like a recent posts widget. That’s just for the front-end of the website. There are also plugins for backend functionality like adding custom fields to posts and pages or allowing drag & drop reordering of posts. There are even plugins that have no settings or other visible characteristics but they do something with the backend code.
Most plugins will need to be updated at some point. Plugin authors often add new features or patch security holes and release a new version. You are notified of new versions in your WordPress admin. Especially when it comes to security updates, it’s important to always keep your plugins up-to-date. Out-of-date plugins are a leading cause of websites getting hacked and, according to Wordfence research, a hacked website costs about $2,518 to recover.
What happens when plugin updates go wrong?
Unfortunately, sometimes things go wrong when a plugin update is applied. It could be that the new plugin has some code in it that conflicts with your theme so your website doesn’t display right anymore. It could be there is a bug in the new release and it breaks something. Thankfully, this doesn’t happen very often but it can and does.
That’s why it’s important to have backups of your website. Run a backup before updating a plugin and it’ll be a lot easier to restore your site back to normal if something goes wrong with a plugin update. Some backup tools will even back up just the plugin you are updating so only that part of your site has to be restored when you revert.
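The per-plugin backup and revert described above, sketched as an added shell example (not code from this article or from any particular backup tool). It assumes the standard `wp-content/plugins/<slug>` layout; the function names are hypothetical.

```bash
# Per-plugin backup and revert for a WordPress install (illustrative sketch).
# Assumes plugins live in WP_ROOT/wp-content/plugins/<slug>.

plugin_dir() {  # print the plugin directory; reject slugs that could escape it
  case "$2" in ''|.|..|*/*) echo "invalid plugin slug: $2" >&2; return 1 ;; esac
  printf '%s/wp-content/plugins/%s\n' "$1" "$2"
}

# backup_plugin WP_ROOT SLUG BACKUP_DIR -> prints the path of the new archive
backup_plugin() {
  local dir archive
  dir=$(plugin_dir "$1" "$2") || return 1
  [ -d "$dir" ] || { echo "plugin not installed: $2" >&2; return 1; }
  mkdir -p "$3" || return 1
  archive="$3/$2-$(date +%Y%m%d-%H%M%S).tar.gz"
  tar -czf "$archive" -C "$(dirname "$dir")" "$2" || return 1
  printf '%s\n' "$archive"
}

# restore_plugin WP_ROOT SLUG ARCHIVE -> swap the plugin for the archived copy
restore_plugin() {
  local dir aside entry entries
  dir=$(plugin_dir "$1" "$2") || return 1
  [ -f "$3" ] || { echo "archive not found: $3" >&2; return 1; }
  entries=$(tar -tzf "$3") || return 1
  # Refuse archives that hold anything outside <slug>/ before touching the site.
  while IFS= read -r entry; do
    case "$entry" in
      */../*|*/..) echo "unsafe path in archive: $entry" >&2; return 1 ;;
      "$2"|"$2"/*) ;;
      *) echo "unexpected archive entry: $entry" >&2; return 1 ;;
    esac
  done <<EOF
$entries
EOF
  aside="$dir.broken-$$"
  if [ -d "$dir" ]; then mv "$dir" "$aside" || return 1; fi
  if tar -xzf "$3" -C "$(dirname "$dir")"; then
    rm -rf "$aside"            # revert succeeded; drop the updated copy
  else
    rm -rf "$dir"              # extraction failed; put the updated copy back
    if [ -d "$aside" ]; then mv "$aside" "$dir"; fi
    return 1
  fi
}
```

Run `backup_plugin` before applying an update and keep the printed archive path; `restore_plugin` with that path reverts only that plugin. This covers plugin files only, so a database backup is still needed for updates that change stored data.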
Other plugin issues
Many plugin authors stop supporting their plugins or abandon their plugins. That means as new versions of WordPress are released, these plugins are not being updated to stay compatible and may not work with newer versions of WordPress.
Recently, several plugins were sold to a new developer and the new developer injected malware into the plugins and released updates of the plugins. As soon as websites with one of these plugins were updated, those sites were infected with the malware.
We were lucky in that none of our clients’ sites used those plugins, but with the popularity of WordPress (nearly one-third of all websites use WordPress), this is happening more often.
What you can do about it
You may think your site isn’t popular enough or you’re not big enough to get hacked so there’s no need to take any precautions to protect your website. That’s completely false. It doesn’t matter if you’re a big brand or a mom-and-pop shop. The bad guys are looking for any way in and they start with vulnerabilities and security flaws. That’s why it’s so important to keep your website current. This goes for your plugins, but also your WordPress core installation and your theme.
If you are in your WordPress admin and you see there is a plugin update, check out the changelog (click the “View version # details” link on the update) and make sure the update looks legit, then apply it. If this seems too scary or you’re worried you’ll break something, hire someone to help you out. It’s far more cost-effective than having to fix a broken or hacked website.
The bottom line is to make sure your plugins are getting updated frequently, whether you are doing it or someone else. It’s important for the security and well-being of your website and the internet as a whole.