The document discusses evaluating WordPress plugins, highlighting their ability to extend site functionality but also the risks of poorly coded plugins leading to security vulnerabilities. It outlines a step-by-step process for non-developers to assess plugins by considering pros and cons, ratings, maintenance, support, and potential vulnerabilities. Additionally, it provides resources for further information and emphasizes the importance of keeping plugins updated and regularly auditing them.

1. @cwpnolen @emagineusa@WordPressRI #RIWP
WordPress RI Meetup
Evaluating Plugins
How to decide if a plugin is right for your site

2. Who Am I?
Christian Nolen
Technical Director for emagine
WordPress Developer
@cwpnolen
@cwpnolen @emagineusa@WordPressRI #RIWP

3. @cwpnolen @emagineusa@WordPressRI #RIWP
Big Thank You to
WordPress RI Meetup

4. @cwpnolen @emagineusa@WordPressRI #RIWP
Why?

5. @cwpnolen @emagineusa@WordPressRI #RIWP
WordPress plugins are bits of software that can be
uploaded to extend and expand the functionality
of your WordPress site.
iThemes

6. @cwpnolen @emagineusa@WordPressRI #RIWP

7. @cwpnolen @emagineusa@WordPressRI #RIWP
22% of Hacked Sites
are from poorly coded plugins

8. @cwpnolen @emagineusa@WordPressRI #RIWP
• Decreased Performance
• Broken Layout
• White Screen of Death (WSOD)
• Cross-Site Scripting (XSS)
• SQL Injection
• Arbitrary File Download
• Broken Authentication
• Denial of Service (DoS)
Potential Problems

9. @cwpnolen @emagineusa@WordPressRI #RIWP
Plugins aren’t bad some are just coded that way
Jessica Rabbit

10. @cwpnolen @emagineusa@WordPressRI #RIWP
JetPack
Yoast SEO
NinjaForms
EWWW Image Optimizer
WP Mobile Detector

11. @cwpnolen @emagineusa@WordPressRI #RIWP
Why?

12. @cwpnolen @emagineusa@WordPressRI #RIWP
Non-Developer Steps
for evaluating plugins

13. @cwpnolen @emagineusa@WordPressRI #RIWP
1Track Pros & Cons

14. @cwpnolen @emagineusa@WordPressRI #RIWP
2What’s the Rating?

15. @cwpnolen @emagineusa@WordPressRI #RIWP

16. @cwpnolen @emagineusa@WordPressRI #RIWP
3Is it Maintained?

17. @cwpnolen @emagineusa@WordPressRI #RIWP

18. @cwpnolen @emagineusa@WordPressRI #RIWP
4Is there Support?

19. @cwpnolen @emagineusa@WordPressRI #RIWP

20. @cwpnolen @emagineusa@WordPressRI #RIWP
5 Check for
Vulnerabilities

21. @cwpnolen @emagineusa@WordPressRI #RIWP
https://wpvulndb.com
WPScan Vulnerability Database

22. @cwpnolen @emagineusa@WordPressRI #RIWP

23. @cwpnolen @emagineusa@WordPressRI #RIWP

24. @cwpnolen @emagineusa@WordPressRI #RIWP
6Test Plugin on a
Staging Site

25. @cwpnolen @emagineusa@WordPressRI #RIWP
7 Benchmark
Performance

26. @cwpnolen @emagineusa@WordPressRI #RIWP
• Keep your plugins (themes and
core) up-to-date
• Audit your plugins on a monthly
basis.
• Subscribe to wpvulndb.com &
other like services
• Get rid of un-used plugins
• Backup your site nightly
Moving Forward

27. @cwpnolen @emagineusa@WordPressRI #RIWP
Resources
• WPScan Vulnerability Database - https://wpvulndb.com/
• Plugins A-Z Podcast - http://wppluginsatoz.com/
• Importance of Updating - https://sucuri.net/website-
security/website-hacked-report
• How WP Sites Get Hacked - http://torquemag.io/2016/03/
wordpress-sites-hacked/

28. @cwpnolen @emagineusa@WordPressRI #RIWP
Resources: Part Deux
• Compare Plugins - https://managewp.org/plugins/compare
• Site Speed - https://gtmetrix.com/
• Site Speed - http://www.webpagetest.org/
• Security Scanner - https://sitecheck.sucuri.net/
• Wordfence Email List - https://www.wordfence.com/

29. @cwpnolen @emagineusa@WordPressRI #RIWP
Questions?

30. @cwpnolen @emagineusa@WordPressRI #RIWP
WordPress RI Meetup
Thank You