Is a website unsafe if many WordPress plugins are installed?
Having too many plugins installed is generally considered a bad habit, and in most cases that is true. Plugins can be just like individual pieces of code, with the added benefit of being easy to disable and easy to update.
The more plugins are installed, the greater the chance that one of them poses a security risk. However, it is more about the quality of the plugins than the number of plugins: one very bad plugin can have more influence on the performance and security of a website than 10 well-programmed plugins.
For example, this website has 45 plugins installed at the time of writing (many of which are extensions of a plugin), yet this website is very fast and secure.
It is also important that the plugins are regularly updated, both by the author of the plugin and the user who uses them. These updates can consist of new functionalities, optimizations or security improvements.
Outdated plugins or themes are the biggest cause of hacks: no less than 98% of the websites that are hacked were not properly up to date. (Source: https://patchstack.com/website-hacking-statistics/)
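One way to check for the outdated plugins described above, as an added example that is not part of the original page: a Python script that reads the JSON output of WP-CLI's `wp plugin list` and flags plugins that have an update waiting or that are installed but inactive. The plugin names and versions are constructed sample data, and the two priority levels are this example's own assumption.

```python
import json
import sys

# Constructed sample, shaped like the output of:
#   wp plugin list --fields=name,status,update,version,update_version --format=json
SAMPLE = """[
  {"name": "example-forms",  "status": "active",   "update": "available", "version": "2.1.0", "update_version": "2.3.4"},
  {"name": "example-seo",    "status": "active",   "update": "none",      "version": "5.0.1", "update_version": ""},
  {"name": "example-slider", "status": "inactive", "update": "available", "version": "1.0.0", "update_version": "1.9.2"},
  {"name": "example-cache",  "status": "inactive", "update": "none",      "version": "3.2.0", "update_version": ""}
]"""


def audit_plugins(raw_json):
    """Return findings as (priority, plugin, advice), most urgent first.

    Priority 1: an update is available (outdated code is on the server).
    Priority 2: up to date but inactive (unused code is still on the server).
    """
    plugins = json.loads(raw_json)
    if not isinstance(plugins, list):
        raise ValueError("expected a JSON array of plugins")
    findings = []
    for p in plugins:
        name = p.get("name", "<unnamed>")
        outdated = p.get("update") == "available"
        inactive = p.get("status") == "inactive"
        if outdated and inactive:
            findings.append((1, name, "outdated and unused: delete it, or update it if still needed"))
        elif outdated:
            findings.append((1, name, f"update {p.get('version')} -> {p.get('update_version')}"))
        elif inactive:
            findings.append((2, name, "unused: its files stay on the server, delete if not needed"))
    return sorted(findings)


if __name__ == "__main__":
    # Pipe real WP-CLI output in, or run without input to see the sample.
    raw = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for priority, name, advice in audit_plugins(raw):
        print(f"P{priority} {name}: {advice}")
```
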
Curious about my opinion on a specific plugin? Don't hesitate to ask me! Or schedule a meeting without any obligation.
What can you do about spam and bad bots on your WordPress website?
What is a bot?
A bot is a script that is executed by a server or computer to automate certain tasks. They are often linked to the Internet to search and scan websites.
There is a distinction to be made between good bots and bad bots.
- Examples of good bots are those of Google, which index your website and ensure that all pages appear on Google. Or a chatbot that answers the questions of website visitors.
- Bad bots are very annoying: they lower the performance of your website, they post spam comments that you would rather not have, or they scan your website to find vulnerabilities.
If you can exclude bots, you don't have to worry about the security and speed of your website.
What can you do against bots?
Using Captchas with forms.
They probably look familiar: the 'I'm not a robot' box that you must tick, or the 'click on all images with a traffic light' challenge.
These features are built into the forms of many websites so that bots cannot send spam, and to make sure that everyone who fills in such a form is a real user. These Captchas are designed to make it more difficult for bots to navigate the website automatically.
Nowadays there are also reCaptchas that are not visible on the website, but that use pieces of JavaScript code to score the visitor based on how naturally they navigate the website.
Find more information about Captchas here
We recommend installing Hide My WP Ghost on the website
Some advantages that this WordPress plugin offers:
- It hides all WordPress files and URLs so that bots cannot abuse them.
- It protects against brute-force attacks, because the login page is not accessible to the bots.
- Scans for vulnerabilities that can be exploited by hackers.
The pro version of this plugin is included with all our hosting, maintenance & management subscriptions! This way, in combination with well-secured hosting, we keep the bots away from your website!