@cwpnolen @emagineusa @WordPressRI #RIWP
WordPress RI Meetup
Evaluating Plugins
How to decide if a plugin is right for your site
Who Am I?
Christian Nolen
Technical Director for emagine
WordPress Developer
@cwpnolen
Big Thank You to WordPress RI Meetup
Why?
WordPress plugins are bits of software that can be uploaded to extend and expand the functionality
of your WordPress site.
iThemes
22% of Hacked Sites are from poorly coded plugins
Potential Problems
• Decreased Performance
• Broken Layout
• White Screen of Death (WSOD)
• Cross-Site Scripting (XSS)
• SQL Injection
• Arbitrary File Download
• Broken Authentication
• Denial of Service (DoS)
Plugins aren’t bad some are just coded that way
Jessica Rabbit
• JetPack
• Yoast SEO
• NinjaForms
• EWWW Image Optimizer
• WP Mobile Detector
Why?
Non-Developer Steps for evaluating plugins
1 Track Pros & Cons
2 What’s the Rating?
3 Is it Maintained?
4 Is there Support?
5 Check for Vulnerabilities
https://wpvulndb.com
WPScan Vulnerability Database
6 Test Plugin on a Staging Site
7 Benchmark Performance
Moving Forward
• Keep your plugins (themes and core) up to date
• Audit your plugins on a monthly basis
• Subscribe to wpvulndb.com & other like services
• Get rid of unused plugins
• Back up your site nightly
Resources
• WPScan Vulnerability Database - https://wpvulndb.com/
• Plugins A-Z Podcast - http://wppluginsatoz.com/
• Importance of Updating - https://sucuri.net/website-security/website-hacked-report
• How WP Sites Get Hacked - http://torquemag.io/2016/03/wordpress-sites-hacked/
Resources: Part Deux
• Compare Plugins - https://managewp.org/plugins/compare
• Site Speed - https://gtmetrix.com/
• Site Speed - http://www.webpagetest.org/
• Security Scanner - https://sitecheck.sucuri.net/
• Wordfence Email List - https://www.wordfence.com/
Questions?
WordPress RI Meetup
Thank You