Guest post by Regina Smola, WordPress Security Expert and Founder of WPSecurity Lock. See the end of this post for details on Regina’s upcoming FREE security webinar, covering the latest security threat spreading on Skype and ways you can protect yourself and stay safer online.
You’ll find me talking on the blog and in my email blasts about WordPress plugin security, but one area I haven’t covered is how plugins can slow your website down.
Did you know that even if a WordPress plugin is disabled it can still affect your site’s load time?
Yes, it’s true! Every time someone opens your site, the database is checked to see which plugins need to be loaded, including the disabled ones. Your WordPress installation queries the database to see which plugins are active and which ones load on the post/page that your visitor has clicked on. It may only take a nano-second, but it does affect load time for each and every plugin you have.
For more help with plugins slowing down your site, be sure to check out Kimberly Castleberry’s blog post: “How To Find Out Which WordPress Plugins Are Making Your Site Slow.”
Of course, I have to mention WordPress Plugin Security too! Did you know that even if a plugin is disabled/deactivated it can pose a security risk on your site? Even if a plugin is not active, it can still be reached in a browser.
Bottom feeders (malicious hackers) can have a 15-course meal off of any vulnerabilities they’ve found. For example: Hackers can search Google for inurl:wp-content/plugins/PLUGINNAME and try to attack every site using it.
Or let’s say they know of a plugin they can break into (active or deactivated). They can visit your site and try to open http://yourdomainname.com/wp-content/plugins/yourvulnerableplugin/yourvulnerableplugin.php. If it’s there, it’s dinner time!
Just so you understand, when you deactivate a plugin you’re telling WordPress not to load said plugin. But it still exists on your hosting server and is accessible.
The moral of the story is, if you’re not using a plugin delete it to help speed up your site and remove the security risk. And always remember to keep the plugins up to date.
P.S. When you look at your list of plugins, please don’t say, “Well, I want to leave it there in case I want to use it later.” If you want to use it in the future then install it when you’re ready to activate it!
LEAVE YOUR FEEDBACK
Would love to hear how many plugins you “deleted” after reading this post. Please leave your comment below.
ABOUT REGINA
Regina Smola is a sought-after WordPress Security Expert, Speaker, Author and Founder of WPSecurityLock.com.
October is National Cyber Security Awareness Month. To help spread awareness Regina Smola and Michael Schultz are providing a 1-hour FREE webinar: Keeping Yourself Safe on Skype in which they will cover the latest security threat spreading on Skype and ways you can protect yourself and stay safer Online. Join them Monday, October 29, 2012 9pm EST. To register for FREE, click here.
Note: This post first appeared on the WP Security Lock blog at http://www.wpsecuritylock.com/are-your-wordpress-plugins-making-your-site-slow-and-vulnerable/