There are many, many website owners out there who use WordPress. And rightfully so, it is a great platform. One of the things I personally like, as a non-developer, is that it is open source and others build stuff for me. Usually that means you just grab a plugin which looks cool and does something you always wanted your site to have or do. But in some cases that might not be such a good idea, because plugins can cause trouble too.
I’ve had plugins instantly take down my sites or slow them down very much, but it can go a lot further. A Google Webmaster forum thread shows that a plugin could potentially take your site out of Google. A Facebook Like plugin did that to a forum poster's site.
The thread shows that a website mysteriously disappeared from Google search overnight. The owner of the website didn’t have a clue whatsoever at first. The website returned a 302 redirect when fetched as Googlebot. The 302, however, showed that a like-button plugin was affecting the site. The user deactivated the plugin and then his site was fine again.
This user was lucky enough to first notice it and then get his site back in Google really quickly. But the damage could have been much bigger. Unfortunately this can happen. And in this case it looked as if the plugin deliberately used malicious code.
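The check from the thread, a fetch as Googlebot compared with a normal fetch, as an added example (not code from the post, the thread or the plugin) that you can run against your own site with `check_site`. The sample tuples and the `.invalid` redirect target are constructed for illustration.

```python
"""Added example: compare a site's answer to a browser and to a Googlebot User-Agent."""
import http.client
from urllib.parse import urlsplit

BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0"
GOOGLEBOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
REDIRECTS = {301, 302, 303, 307, 308}

# Constructed sample results, shaped like the case in the thread:
# a normal page for visitors, a 302 for the crawler. Not real captures.
SAMPLE_BROWSER = (200, None)
SAMPLE_GOOGLEBOT = (302, "http://redirect-target.invalid/")


def fetch(url, user_agent, timeout=10):
    """GET url once with the given User-Agent; return (status, Location).

    http.client never follows redirects, so a 302 is reported as a 302.
    """
    parts = urlsplit(url)
    https = parts.scheme == "https"
    conn_cls = http.client.HTTPSConnection if https else http.client.HTTPConnection
    conn = conn_cls(parts.netloc, timeout=timeout)
    path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    try:
        conn.request("GET", path, headers={"User-Agent": user_agent})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def compare(browser, crawler):
    """Return findings where the crawler's answer differs from the browser's."""
    findings = []
    if browser[0] != crawler[0]:
        findings.append(f"status differs: browser={browser[0]} googlebot={crawler[0]}")
    if crawler[0] in REDIRECTS and crawler[1] != browser[1]:
        findings.append(f"googlebot-only redirect to {crawler[1]}")
    return findings


def check_site(url):
    """Fetch your own site both ways and report any differences."""
    return compare(fetch(url, BROWSER_UA), fetch(url, GOOGLEBOT_UA))


if __name__ == "__main__":
    for line in compare(SAMPLE_BROWSER, SAMPLE_GOOGLEBOT):
        print(line)
```

An empty list only rules out behaviour keyed on the User-Agent header; code that keys on the crawler's network address would not show up in a fetch from your own machine.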
If this happens, the best thing to do is get in touch with WordPress. In a Google+ thread started by Googler John Mueller, WordPress developer Joost de Valk says:
“If you see stuff like that, don’t hesitate to email security@wordpress.org and plugins@wordpress.org outlining the issue and / or forwarding to me so we can have people take action. Plugin authors like that obviously should be banned from the WP.org repository if they did it with malicious intent. This plugin contained a check for Googlebot specifically, you wouldn’t do that by accident.”
Now, to be honest, this could have happened to me too, because I am no coder. I don’t understand all the code behind a plugin. And I am not alone in that, I think most WordPress users are like that. So are we all doomed?
Far from it. Of course the WordPress community is working hard to prevent these kinds of plugins from getting through, so we are ‘protected’ somewhat if we use plugins coming from the WP.org repository. But you should still be alert. Most of the time the most used plugins are tested pretty well, so they are mostly safe. But if you are not sure about a plugin, go check with programmers, other users and check forums. A simple Google search will sometimes tell you enough. And of course it is always safer to use plugins from better known developers. They can’t afford to screw up.


That's why it pays to learn how to code, even if it's at an elementary level.
The first time this happened to me I had installed a cache clearing plugin and a few minutes later – nothing, zilch – no site! Nothing quite like that to focus one’s attention and to get one part of the anatomy twitching! Fortunately my web host had a live chat facility so I activated that and they talked me through what I had been doing, deleted the plugins directory and the site reappeared – sans plugins but alive and kicking.
I reinstalled each plugin one at a time until I found the one causing the problem and all was fine but for a moment I was a candidate for the cardiac ward!
When adding a plugin via the WordPress Dashboard, I can’t see a way to tell if a developer is any good. The plugins have star ratings, but these aren’t much help when (I think) they can show a 5 star rating from a single review. There’s no way I would remember a list of good WordPress developers – it could be a mile long, especially when you consider that some plugin developers may do an excellent job but only release one plugin.
I’m a PHP developer and I totally disagree with the comment that “it pays to learn how to code”. It might be useful, interesting, beneficial or enjoyable for people who can get to grips with it. But coding is not something everyone can understand, let alone do well.
Furthermore, despite being a PHP developer I don’t have the time to go through the code in every plugin I install. Equally, I wouldn’t expect the WordPress team to be able to vet every line of code in every plugin without significantly increasing their workload, and increasing the amount of time it takes to get a good plugin into the repository.
What might help – and I apologise if this is already being done – is to have an easier way for WordPress users to mark a plugin as good or bad right from their Dashboard. Forget the star rating for now – let’s have a simple good/bad vote with a quick comment box. It is enough of a pain to have to log in and comment at WP.org that many people won’t do it, they’ll just remove the plugin without saying why.
Also, perhaps it might help if the developers who make good plugins and play by the rules could be marked as “trusted”, similar to the “verified” accounts on Twitter. Or maybe a positive rating on a plugin could contribute to a positive reputation score for the plugin author, similar to the reputation over at StackOverflow.
Just some views, not necessarily the right ones
The best approach I used is to download the most used, and in case the plugin is new I go to the forum and ask for comments 1st instead of directly downloading on my website…
Whenever installing a plugin, I always check for several things – here are some:
1) When was it last updated
2) What version of WordPress it is compatible with
3) Ratings
4) How many times it has been downloaded.
5) Visit the actual plugin site and see how credible it looks.
If you go with the plugins that are recommended and check the above points, you are more likely to be able to trust it.
[...] Of Search – “Be Careful Choosing WordPress Plugins: They Could Kill Your Rankings“. With WordPress being such a widely used content management and blogging platform, this [...]
[...] continue reading the original post here: Be Careful Choosing WordPress Plugins: They Could Kill Your … [...]
[...] Bas van den Beld of StateOfSearch.com spotted this cry for help on a Google Support Forum: [...]
[...] that doesn’t mean more is better, or that all plugins are equal. StateofSearch explains that the wrong plugin could hurt your ranking, using the example of a plugin that actually pulled a site out of Google search [...]