There are many many website owners out there who use WordPress. And rightfully so, it is a great platform. One of the things I personally like, as a non-developer, is that it is open source and others built stuff for me. Usually that means you just grab a plugin which looks cool and does something you always wanted your site to have or do. But in some cases that might not be such a good idea. Because plugins can cause troubles too.
I’ve had plugins instantly take down my sites or slowed them down very much, but it can go a lot further. A Google Webmasterforum thread shows that a plugin could potentially take your site out of Google. A Facebook Like Plugin did that to a site from a forum poster.
The thread shows that a website mysteriously disappeared from the Google search overnight. The owner of the website didn’t have a clue whatsoever at first. The website returned a 302-redirect when fetched as a Googlebot. The 302 however showed it was a like-button plugin affecting the site. The user deactivated the plugin and then his site was fine again.
This user was lucky enough to first notice it and then get his site back in Google really quickly. But the damages could have been much bigger. Unfortunately this can happen. And in this case it looked as if the plugin deliberately used malicious code.
“If you see stuff like that, don’t hesitate to email email@example.com and firstname.lastname@example.org outlining the issue and / or forwarding to me so we can have people take action. Plugin authors like that obviously should be banned from the WP.org repository if they did it with malicious intent. This plugin contained a check for Googlebot specifically, you wouldn’t do that by accident.”
Now, to be honest, this could have happened to me too, because I am no coder. I don’t understand all the code behind a plugin. And I am not alone in that, I think most WordPress users are like that. So are we all doomed?
Far from. Off course the WordPress community is working hard to prevent these kind of plugins to get through, so we are ‘protected’ somewhat if we use plugins coming from the WP.org repository. But you should still be alert. Most of the time the most used plugins are tested pretty well, so they are mostly safe. But if you are not sure about a plugin, go check with programmers, other users and check forums. A simple Google search will sometimes tell you enough. And off course it is always safer to use plugins from better known developers. They can’t afford to screw up .Posted in News | Tags: plugins, wordpress