New Linux malware has emerged that takes advantage of security vulnerabilities within WordPress themes and plugins of websites that run on a Linux platform.
The post “New Linux Malware Exploiting 20+ CMS Flaws in WP Sites” first appeared on WP Mayor.
Are you wondering whether it’s safe to install and use an outdated WordPress plugin?
Sometimes when you are searching for a plugin to add a new feature to your website, you may find one that looks perfect, but it hasn’t been updated for a while or hasn’t been tested with your version of WordPress. Often times this leads to beginner readers asking the question can I use it without breaking my website?
In this article, we’ll discuss how to determine whether or not you can safely install outdated WordPress plugins.
A WordPress plugin can become outdated if it hasn’t received any updates for a while, or if it hasn’t been tested by the plugin author to ensure it’s compatibility with the latest 3 major releases of WordPress.
We always recommend our readers to keep the plugins in your WordPress website up to date. These updates keep the plugin compatible with changes made to WordPress core, add new features, fix bugs, and address security vulnerabilities.
But what if a plugin that you are using or want to use hasn’t been updated for some time? Or what if it hasn’t been tested with the latest version of WordPress? Is it still safe to use?
The short answer is, it depends on the plugin.
Sometimes outdated plugins simply will not work correctly with newer versions of WordPress. Or the plugin may have even been abandoned by the developer, so that no new features will ever be added.
The biggest concern with outdated plugins is that there may be security issues that can come up. If the plugin isn’t maintained or updated, it might become a target for hackers.
However, just because a plugin is outdated doesn’t mean that it has any of those issues. Some outdated plugins are perfectly safe to use. However, we recommend that you thoroughly test the plugin before installing it on your live site.
With that being said, let’s take a look at how to tell if a WordPress plugin is outdated, and how you can decide whether it is safe to install.
The WordPress Plugin Directory displays a lot of useful information about each plugin. For example, it clearly shows the date each plugin was last updated, and the latest version of WordPress it was tested with.
If a plugin has not been tested for several versions of WordPress, then a warning will be displayed at the top of the plugin page, similar to this one:
This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.
Where does WordPress get this information? Plugin authors are required to provide it in a readme file when submitting plugins to the WordPress plugin directory.
Unfortunately, busy developers don’t always update the readme file when a new WordPress update is released. Sometimes a plugin was tested more recently than its plugin page shows.
Now that you know how to check if a WordPress plugin is outdated, let’s take a look at how to tell whether it is safe to install.
Just because a plugin hasn’t been updated or tested recently doesn’t mean that it won’t work. How can you tell if the plugin is safe to install on your WordPress site?
Check User Ratings and Reviews
You can click on the ‘Reviews’ tab on the WordPress Plugin Directory to see user opinions and complaints about the plugin. If there is a compatibility problem with a recent version of WordPress, then other users may have mentioned it on this page.
You can also check the user ratings. If the reviews are recent and five stars, then it’s safe to assume that you can use the plugin on your website.
Check the Plugin Support Page
When you click the ‘Support’ tab, you will be taken to the support forum for the plugin. Here you can see any issues that users have been having with the plugin.
You will also see how responsive the plugin’s developer is, and whether they successfully solve issues in a timely manner.
If you decide to install the plugin, this is where you should come if you need support. You can learn more in our guide on how to properly ask for WordPress support and get it.
Check the Plugin Development Page
Another way to check whether it’s safe to install the plugin is by going to the plugin development page. This shows you how active the plugin developer is.
Simply go to the WordPress plugin page and click on the ‘Development’ tab.
In particular, take a look at the ‘Changelog’ section to see how often the plugin is being updated and what recent changes and improvements have been made.
If the developer is actively updating the plugin, then it usually means the plugin is high quality and safe to use on your WordPress website.
On the other hand, if a plugin hasn’t been updated in more than two years, then it may mean the plugin has been abandoned. In that case, you shouldn’t install the plugin since the developer is not actively maintaining it.
Check for WPBeginner Tutorials on the Plugin
You can also check whether the plugin is safe to install on the WPBeginner blog. You can look for tutorials on the plugin by navigating to the Blog » WordPress Plugins page or by using the search feature.
If we recently published a tutorial on a plugin, then this means the plugin was compatible with the latest version of WordPress when we tested it.
Let’s say that you’ve gone through the steps above and decided that an outdated plugin looks safe to install. What should you do next?
Instead of immediately installing the plugin on your live site, you may wish to first test it on a staging site or local WordPress installation.
A WordPress staging site is a test site that you can use to safely test a plugin for problems before going live.
The staging site lives on your web hosting server, so you can be confident that if the plugin works there, you won’t encounter problems on your live site.
Some of the best WordPress hosting companies such as Bluehost, SiteGround, and WP Engine offer one-click staging websites. You can also create a staging site manually or by using a plugin.
You can learn how in our guide on how to easily create a staging site for WordPress.
As an alternative to a staging site, you can install WordPress on your own computer and test the plugin there. You can follow our guides on how to install WordPress locally on Mac or Windows, or using XAMPP.
If the plugin works fine on your test site, then it’s safe to install it on your live website.
While it’s not a good idea to use outdated plugins, sometimes the plugin you’re looking for is the only one that does what you need. In that case, you will need to do your due diligence as we mentioned in our guide.
Other things you can look for is author’s reputation. If it’s a popular plugin author, then you can email them and ask whether they have plans to update the plugin.
Some plugins are so simple that they don’t need any updates, and this is why the author may not push out an update because they know it still works. The popular Page Links To plugin is a good example of that.
It’s written by one of WordPress core contributors, Mark Jaquith, and the plugin has been around for a long time. It doesn’t need any active development because it does one thing and does it well. So even though it shows the outdated error on WordPress.org, this plugin would be something that you can safely install.
The downside though is that if you were hoping to have more advanced redirection features, then it’s going to be lacking in the plugin which is why many users switch to the All in One SEO plugin because it includes this feature and many more powerful SEO features in the plugin.
We hope this tutorial helped you learn whether it’s safe to use outdated plugins with WordPress. You may also want to learn how to register a domain name for free, or check out our expert pick of the must-have WordPress plugins to grow your site.
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.
The post Is It Safe to Use Outdated WordPress Plugins? first appeared on WPBeginner.
Creating a WordPress website for your business or portfolio is an excellent way to start growing an audience for yourself. However, you may run into scenarios where you want to limit access to specific posts or pages. For example, you may be a filmmaker that wants to limit the viewership of a film on his website to prevent piracy or a photographer trying to safeguard assets. Regardless of your reason, configuring a password on a page allows you to restrict visitor access and permit only particular clients, colleagues, or partners. In this article, we’ll show you how easy it is to password-protect a page in WordPress and why you might need to.
As previously stated, password-protecting a page is a useful feature when you want to limit access to something on your WordPress site. In this way, only users that have been given access to the password can access the pages you lock.
There are a number of reasons why you would want to do this, which can span a page being under construction, gatekeeping users to get their email for marketing purposes or limiting access to photos, art, or other intellectual property for internal usage.
There are a number of security plugins that may have password protection built-in. And there are plugins designed specifically for enhancing password protection in WordPress. But if you’re looking for basic functionality, WordPress has a default feature for password protection. In the following section, we’ll delve into how to password-protect pages natively.
If you aren’t already aware, you can easily password protect a page or post using the built-in feature of the WordPress editor. To do this, start from your admin dashboard and create a new page or post by navigating to Page or Post -> Add New.
Once you are done editing your page, select the publish button and select Visibility.
From the Visibility panel, select Password protected, and create your password in the textbox below.
If you’re wondering if this still works within the Divi builder, good news! It does; the native password-protect functionality works the same in the WordPress editor and the Divi Builder.
If a user visits your password-protected page, they will be met with something that looks like the page below.
Here’s what it looks like using Divi:
It’s just that simple! But while this is the easiest method for password protection, it’s lacking when it comes to more advanced options. Features such as partial content restriction, password-protecting an entire website or unlocking different areas of a site with a single password aren’t possible natively, so this is where a password protect plugin can be helpful.
If you are looking for more password protection features, there are some plugins that should give you what you need. For this example, we’ll be using Password Protect WordPress (PPWP). It’s almost as easy to set up as native WordPress password protection but comes with more features as well.
To get started, let’s navigate to Plugins > Add New from your WordPress dashboard.
In the search box, type “PPWP” and install and activate the free plugin.
Now, when you navigate to your post or page editor, there will be a new section in your sidebar where you can set user roles and corresponding passwords via PPWP.
You can also use shortcodes to lock parts of your content on a page. To do this, navigate to Partial Protection under the Password Protect WordPress section.
From here, you can customize your shortcode and then simply embed your section into any page on your website.
With PPWP, you can even password-protect your entire website from public view. To do this, navigate to the Sitewide Protection option under the Password Protect WordPress section from your dashboard.
From here, simply toggle the Password Protect Entire site option, set your password, and save the changes.
And don’t worry, PPWP works with Divi, so you can password-protect your content regardless of what editor you’re using. If you’re interested in even more password protection features, you can get the pro version of PPWP.
The main difference between the two options is that the plugin has been designed specifically for password protection. Thus, it comes with more features available. Whether you want to password-protect a section of a page, your whole website, or a category of posts, the easiest way to do it is with a plugin.
Search engines aren’t able to index pages that are protected via passwords; this is where a partial section can be useful for SEO, as search engine bots can still crawl to your page, but the content that you want to protect remains hidden.
Natively, this isn’t possible without some coding know-how, but different users can access pages with multiple passwords using features like the PPWP plugin’s password-protection feature that utilizes user roles.
A good starting point with password protection is getting familiar with the default settings WordPress has to offer, but you can get as sophisticated as you want. If you want a simple on-off solution, you can use the built-in password protection functionality in the WordPress editor. But if you are looking for a simple solution with more features, a plugin like PPWP is the way to go. You can learn more about how to partially restrict content with a password. Or, if you are a Divi user, check out DiviPasswords to take your password protection to the next level.
If you are looking for better password security for WordPress in general, consider using a Password Policy plugin.
What do you password-protect on your website? Let us know in the comments!
Article thumbnail image by Natty_Blissful / shutterstock.com
The post How to Password Protect a Page in WordPress appeared first on Elegant Themes Blog.
Site security starts with your users. This post looks at how to implement the most effective WordPress password security guidelines!
The post “How to Implement WordPress Password Security Guidelines” first appeared on WP Mayor.
WordPress can be hacked in many different ways – hackers can be very creative in going after targets. This makes it impossible and dangerous to list all the ways a WordPress website can get hacked, as it may provide a false sense of security. However, we can look at one example that illustrates the process a hacker might typically take to hack a WordPress website.
The post “WordPress Security Based on Facts and Statistics” first appeared on WP Mayor.
High CPU usage from your WordPress site is never a good sign. At best, you’ll see loading times drop to a snail’s pace, and at worst, your site can become inaccessible to visitors.Â
Scary stuff, isn’t it? Luckily, there are plenty of things you can do to sort out your CPU issues once and for all!
The post “How To Fix High CPU Usage In WordPress” first appeared on WP Mayor.
WordPress websites are often targeted by hackers seeking to exploit security vulnerabilities. Web forms are one of the avenues that hackers use to gain entry into a site and steal sensitive information. In this post, we’ll show you how to secure your WordPress forms and ensure the safety of your website and data.
The post “The Ultimate Guide to WordPress Form Security” first appeared on WP Mayor.
Security Ninja is a comprehensive WordPress security plugin that protects your site in different ways. Read our hands-on Security Ninja review to learn more about how it works to protect your site.
The post “Security Ninja Review: Easy-to-Use WordPress Security Plugin” first appeared on WP Mayor.