Site Hoarding Plugins Impacts: When a certain plugin or theme no longer fits on the site, the usual thing to do is just look for another one. However doing that may have devastating implications for your WordPress platform without scraping the old one, and in this article, we can explain just how.
Plugin hoarding is not like compulsive hoarding, a condition in which persons accumulate unwanted items but are unable to discard them. Plugin hoarding is not a disease. There are reasons why plugins are hoarded by site managers. Let’s take a step back before diving into the conversation to explain that certain individuals end up hoarding plugins and themes.
Hoarders have their reasons:
They Like to Try New Services
If you run a WordPress website, you will accept that there is a normal inclination for plugins and templates to be attempted. If a certain plugin or theme doesn’t fit or you see a new one that no longer catches your attention on your website, you switch to a different one. Doing it without replacing the old one leads to themes and plugins being pilled up.
As a safety net, they retain older plugins & themes
Another explanation why site owners retain unused add-ons (especially themes) when upgrading to new ones is so that they can quickly revert back to the previous one in case the need occurs (e.g. if they don’t like the new look, or if the site crashes with the new plugin/theme). However this method sets up a vicious cycle-the more you have to work out the less likely you will be.
They Find it Difficult to Sort Out So Many Plugins & Themes
It’s easy enough to mount a new add-on and deactivate the one you’re replacing because your site has a range of plugins and themes. The challenge is much easier than searching for and removing all the unused add-ons, especially when you already have a massive list to wade through.
Much of the time, hoarders don’t know they’re being a hoarder plug-in. But if they were to be adversely impacted by the practise, then it is a cause for concern, and their habit of hoarding should be purposely curbed. Let’s take a look at what happens on your WordPress site as you pile on plugins and themes.
How Hoarding Plugins Impacts Site Negatively:
To clarify how specifically they affect the website, let’s have a look at both of these.
Too Many Plugins Equals Too Many Problems
Often, depending on their features, when you instal a plugin on your web, it adds custom tables to your WordPress database. Although this is not a challenge of its own, it becomes more difficult to remove the aforementioned plugin. This is because removing the plugin would not uninstall the custom table, in truth, until you uninstall the plugin entirely, you can’t remove them (i.e. the tables in your database). This happens in the case of a range of plugins, such as WooCommerce, WordFence, NinjaFirewall, etc., that have to make instrumental improvements to the web. When you no longer have the plugins, keeping these tables on your web raises the size of your database excessively, and can even trigger it to crash.
More Add-Ons Make a Slower Site
It is understood that so many themes and plugins are used to bog down the website. Your website server needs to run all of the working plugins every time anyone opens a tab on your blog. This bogs the machine down. Think about WordPress as a human being able to carry out various tasks. If a man had to do 10 tasks together within a short amount of time, at the end of the day he would get bored and finally slow down. Similarly, since several plugins have to run at the same time, the WordPress platform slows down.
This is why WordPress encourages daily ‘housekeeping,’ which means testing and only using new better-functioning plugins and themes appropriate for the platform. And, remove the plugins you no longer need as well. Not only disable them, but delete them altogether.
Unused Add-Ons Threaten Your Site’s Security
Site-owners, however don’t really worry about outdated add-ons being modified. Vulnerabilities can be created by add-ons to your web (whether active or not). When they are not updated, merely because they are on your web, they could be the backdoor to a hack. This is because hacker-bots, which crawl the web for bugs, also have access to their PHP data. As a consequence, when these bots come across redundant or exploitable PHP files on your site, your site is quickly hacked.
Way to a Clutter-Free Website:
Automating Updates on Your Site
Automating the updates with both plugins and themes is a seemingly easy way to minimise this possibility (whether active or not). This action will help you save time, but it has one caveat: not all changes to the plugin and theme are compatible and could crash the web. In this case, the way out is to provide a stable backup plan that you can use to recover the site if this occurs, and then one by one to upgrade the inactive plugins and themes. Or before any improvements to the live server, you can test the updates on a staging platform.
It is easy enough to identify the unused plugins that require updates when they are singular objects, but when a vulnerable script or plugin is inserted in a style, things get even more complicated. Often, changing the theme would not update the plugin contained in it so you’ll always be vulnerable to an assault. This is what happened to a number of WordPress pages that used themes that were loaded with plugins/scripts from RevSlider and TimThumb. In these examples, the scripts were abused by hackers who used them to access the servers of the sites and carry out attacks such as Remote File Inclusion, Local File Inclusion, and Execution of Arbitrary Code. Hackers could also plant malicious code that, even after the plugin/theme has been changed, would allow them access to these pages.
This is why deleting a plugin or a theme as soon as you find an acceptable substitute for it will be the most vigilant solution.
Most of the time, if deactivated, deactivated plugins allow you to uninstall them. For themes, it’s the same too. Here’s how a plugin or a theme can be deleted:
Visit the ‘Addons Installed’ tab on your site’s WordPress dashboard.
It’ll take you to a page where all your plugins are listed. If you have deactivated plugins, they’ll appear under the option ‘inactive.’
Click on it, and it’ll take to another page from where you can delete the inactive plugins. But before hitting the ‘inactive’ button, we suggest you make sure that you won’t require that particular plugin in near-future.
However, if you are not able to disable or remove plugins this way, you will have to:
- Check the readme file ‘Information’ that includes guidance about how to uninstall it properly
- Deactivate and manually delete the plugin via your FTP client (e.g. FileZilla). Using a Malware Accurate Scanner like MalCare.
Hackers have multiple reasons to hack a site these days. The reality is that every site, even though you follow these measures, can be compromised. Hackers are starting to discover more and more ingenious means of leveraging the tools of your web. Although the above steps are what you can take to thwart attacks by hardening the security of your site as a WordPress site owner, it is of utmost importance that malicious code is found at first instance and false alarms are not created.