@cwpnolen @emagineusa@WordPressRI #RIWP

WordPress RI Meetup

Evaluating PluginsHow to decide if a plugin is right for your site

Who Am I?Christian Nolen

Technical Director for emagine WordPress Developer

@cwpnolen

@cwpnolen @emagineusa@WordPressRI #RIWP

@cwpnolen @emagineusa@WordPressRI #RIWP

Big Thank You to WordPress RI Meetup

@cwpnolen @emagineusa@WordPressRI #RIWP

Why?

@cwpnolen @emagineusa@WordPressRI #RIWP

WordPress plugins are bits of software that can be uploaded to extend and expand the functionality

of your WordPress site.

iThemes

@cwpnolen @emagineusa@WordPressRI #RIWP

@cwpnolen @emagineusa@WordPressRI #RIWP

22% of Hacked Sites are from poorly coded plugins

@cwpnolen @emagineusa@WordPressRI #RIWP

• Decreased Performance • Broken Layout • White Screen of Death (WSOD) • Cross-Site Scripting (XSS) • SQL Injection • Arbitrary File Download • Broken Authentication • Denial of Service (DoS)

Potential Problems

@cwpnolen @emagineusa@WordPressRI #RIWP

Plugins aren’t bad some are just coded that way

Jessica Rabbit

@cwpnolen @emagineusa@WordPressRI #RIWP

JetPack Yoast SEO

NinjaForms EWWW Image Optimizer

WP Mobile Detector

@cwpnolen @emagineusa@WordPressRI #RIWP

Why?

@cwpnolen @emagineusa@WordPressRI #RIWP

Non-Developer Stepsfor evaluating plugins

@cwpnolen @emagineusa@WordPressRI #RIWP

1 Track Pros & Cons

@cwpnolen @emagineusa@WordPressRI #RIWP

2What’s the Rating?

@cwpnolen @emagineusa@WordPressRI #RIWP

@cwpnolen @emagineusa@WordPressRI #RIWP

3 Is it Maintained?

@cwpnolen @emagineusa@WordPressRI #RIWP

@cwpnolen @emagineusa@WordPressRI #RIWP

4 Is there Support?

@cwpnolen @emagineusa@WordPressRI #RIWP

@cwpnolen @emagineusa@WordPressRI #RIWP

5 Check for Vulnerabilities

@cwpnolen @emagineusa@WordPressRI #RIWP

https://wpvulndb.com

WPScan Vulnerability Database

@cwpnolen @emagineusa@WordPressRI #RIWP

@cwpnolen @emagineusa@WordPressRI #RIWP

@cwpnolen @emagineusa@WordPressRI #RIWP

6 Test Plugin on a Staging Site

@cwpnolen @emagineusa@WordPressRI #RIWP

7 Benchmark Performance

@cwpnolen @emagineusa@WordPressRI #RIWP

• Keep your plugins (themes and core) up-to-date

• Audit your plugins on a monthly basis.

• Subscribe to wpvulndb.com & other like services

• Get rid of un-used plugins • Backup your site nightly

Moving Forward

@cwpnolen @emagineusa@WordPressRI #RIWP

Resources• WPScan Vulnerability Database - https://wpvulndb.com/ • Plugins A-Z Podcast - http://wppluginsatoz.com/ • Importance of Updating - https://sucuri.net/website-

security/website-hacked-report • How WP Sites Get Hacked - http://torquemag.io/2016/03/

wordpress-sites-hacked/

@cwpnolen @emagineusa@WordPressRI #RIWP

Resources: Part Deux• Compare Plugins - https://managewp.org/plugins/compare • Site Speed - https://gtmetrix.com/ • Site Speed - http://www.webpagetest.org/ • Security Scanner - https://sitecheck.sucuri.net/ • Wordfence Email List - https://www.wordfence.com/

@cwpnolen @emagineusa@WordPressRI #RIWP

Questions?

@cwpnolen @emagineusa@WordPressRI #RIWP

WordPress RI Meetup

Thank You