At the end of March, Mikey Veenstra of Wordfence and independent blogger Jem Turner each confirmed issues with the Pipdig WordPress plugin.
For starters, it allowed Pipdig’s owners to drop the tables for a website without the site’s owner’s permission. And on the worst end of the spectrum, it used websites that ran it to launch Distributed Denial of Service attacks on competitors.
Admittedly, I had never heard of Pipdig until these revelations were unearthed. From what I can see, Pipdig’s plugin powers a number of Pipdig themes, which are apparently used by a lot of fashion bloggers. So in a matter of days, fashion bloggers who used it were looking for new themes.
As expected, a lot of bloggers were confused on Twitter, but fortunately WordPress and web developers were able to step up and help out. In the end, I think a lot of web devs who were plugged into the situation realized we need to be better about communicating things to non-technical users. And a lot of bloggers realized they need to keep up with web dev news, at least a little bit.
So with Pipdig’s issues behind us, here’s how you can try to avoid a similar situation down the road and navigate the WordPress plugin landscape.
Only look at reputable websites
A great way to pare down the number of plugins you’re looking at is to limit where you’re looking in the first place. Trim down the websites you’re looking at to only those that are reputable.
The WordPress Plugins directory is a great place to start. All of the plugins that show up here go through an extensive check before they are displayed. They abide by WordPress’ rules, and you can feel really confident in using them on your site.
If you don’t find what you need there, you can try out some legacy plugin marketplaces like CodeCanyon and Mojo Marketplace. The standards here can be sort of hit or miss, but you can rely more on the reviews other people have left in order to point you in the right direction. And if it involves payment, you’re more likely to be successful with a refund should you need it.
And if you’re using plugins like WooCommerce, Easy Digital Downloads, Gravity Forms, etc., they typically have their own plugin marketplaces. Again, quality could be hit or miss, but those plugins are designed to work with the “parent” plugin and the authors can be a bit more trusted.
But staying on the beaten path will most likely lead you to something that works and will work with your website.
Another great thing to do is to ask questions of the developer and/or the customer support staff, if there is one.
This is your chance to ask anything you want. You can ask about how it might work with your site, what sort of documentation there is and if there are any potential pitfalls. Really, there are no bad questions to ask. Just ask whatever you need to feel good about using it. And good developers will love to help you out.
If you don’t get a response within, say, a couple of days or you can’t find contact information for the plugin author, then those are huge red flags. At best, that plugin is no longer supported. At worst, the plugin is going to be a huge headache. I know I try to at least send a response within 24 hours for any of my plugins and themes even if I’m not able to get around to the issue to fix it.
But if you are able to get in contact with the author and they answer all of your questions, it’s time to move forward.
When in doubt, trust your gut
But even if all of the above conditions are met, you still might not have a great feeling about using a certain plugin on your site. And that’s perfectly fine.
Even if you don’t consider yourself to be an expert, you can still have a gut that tells you if it thinks something is off. We all have it in many different situations. So it’s understandable if you still feel like something’s not right even if everything else seems right.
If you find yourself in that position, it’s probably a good idea not to use that plugin. There are likely many plugins that do something similar that won’t give you that feeling. And it’s better to be safe than sorry, especially when it comes to your site’s functionality and security.
And if you still want a second opinion, reach out to other developers to see what they think. You can reach me via email or Twitter, and other WordPress developers would love to help you out as well.
But the key when looking for plugins for your website is to vet them thoroughly. Check them out, look for reviews and other opinions and ask questions. At the end of the day, you’ll either feel good about using it or feel good about avoiding it.