Avoid Bad WordPress Themes And Plugins

Adrian Cruce

Updated on:

So many people these days end up with hacked websites. They always end up blaming the hosting provider. We need to all understand the fact that in most situations it is the fault of the site owner that something went wrong. Hosting providers that have a really good reputation, like Nexcess, guarantee security but they can only guarantee their part of the equation. If you leave the doors open to hackers, they will come in.

While there are many different problems that can appear, when referring to WordPress, the biggest problem is associated with the theme used or the plugin that is installed. The blogging platform does evolve daily and this automatically means that coders will create and promote various plugins. Many of the plugins will end up causing problems even if they are safe now as hackers find new ways to open those site doors.

By User:mattthomas (http://2010dev.wordpress.com) [GPL], via Wikimedia Commons

How Do Hackers Gain Access To WordPress Sites?

This is a question that you need to know the answer to. There are many different ways in which this is possible but what usually happens is linked to vulnerabilities. A hacker will find vulnerability in a plugin or a theme. Then, he/she will look for sites that have the same vulnerability. The hacker goes from one site to the next and keep hacking.

Who Is At Fault?

Although we already mentioned this, most people will point fingers towards hosting providers. When the site owner leaves an open door, there is absolutely nobody to blame but him. If you own a site, it runs on WordPress and a hacker gain access to your site, or worse, the entire server, it is your fault. The good news is that backups are usually in store but there are situations in which they cannot help. You need to be patient and make sure that your site is secured.

Related Article:  The Importance of Meta Tags

The Exploit Database

While you cannot fully protect yourself as new vulnerabilities appear every single week, you can avoid using those plugins and themes that are known to be vulnerable. You will want to visit the Exploit Database. It includes a huge list of plugins and themes that you should never use. Take a look at all the plugins that you use at the moment, including those that are not activated. See if they are included in the database. If so, remove them immediately.

Tips To Help You Protect Your WordPress Website

One thing that you need to always remember is that your plugins and your theme need to be up-to-date at all times. WordPress includes a very good feature that lets you know when updates are available. As soon as you see that this is the case, it is time to perform the update.

We should also mention that updating WordPress is also something that needs to be done. During our database building for the Guest Posting service that we offer, we were surprised to notice that most of the blog installations that we gained access to are way behind on the platform version used.

We also noticed that people still use some plugins that have not been updated for years. This is something that is not at all great since many threats might have appeared in that period in which the coding was not updated. There are always replacements that are available for every single plugin. Always remember this! New great plugins are developed every single month. It is impossible not to find alternatives that give you access to proper support and update schedule.

Related Article:  How To Easily Improve Your Site’s Design - Simple Tips To Consider!

As time passes, we are used to trying different plugins and when we do not need them, we just deactivate them. Contrary to popular belief, this is not enough. The programs will leave a footprint and really clever hackers can find it. A really good rule of thumb that you need to take into account is: if you no longer use a plugin, do not deactivate it, delete it! It is possible to re-install in the event that it is necessary.

When talking about the themes, it is a little difficult to protect yourself. The good news is that most of the themes are secured. However, the same update problem appears as with some of the plugins. The best thing that you can do is use a theme that is paid and that offers very good customer support. Simply put, these themes are a lot better. Whenever a problem appears, people in the development team take care of it as soon as possible.


No matter what you might believe, securing your website is not just the job of the provider. The hosting company needs to offer you all the tools that you may need in order to have a very good experience but with a platform like WordPress, you can actually damage the entire server. Hackers are everywhere and there are people that learn how to hack sites as you read these lines.

In the event that your website is your business and you need it to be as secured as possible, never go for a shared hosting account. This is due to the fact that your site will be hosted on the same system that holds many other sites. Another webmaster might be using a plugin that is vulnerable. You can be affected by this and lose money.

Related Article:  The Best Responsive WordPress Themes To Consider In 2015

An example of a secure choice is the NEXCESS WordPress Hosting package. Stay focused on quality services and never settle for resellers. It is always better to deal directly with the companies that have the servers you are about to use. You want your server to include all the modern security features that you need in order to be secure. However, as you already realized, you need to also play your part.

Take into account all the advice that was offered above. If you have another piece of advice that you believe is valuable, share it in the comments section. The more people know about the security of the WordPress platform, the harder it is for hackers to gain access to our websites.

By Boris Dzhingarov