Plugin policy

If you log into your site with your admin account* you will see that there’s a menu item called ‘Plugins’. These are small programs that add functionality to a WordPress site.

Some do it behind the scenes (like the one which is installed to help stop your site being hacked by limiting the number of times anyone can get your password wrong without being prevented from accessing your site for several days) and some are more visible, providing assorted superwhizzo features (but like much other shiny stuff, you almost always don’t actually need them!)

Or at least that’s the promise. In practice, some of them are a complete pain: plugins installed by some of the people who have used YES have..

  o   Deleted all their pictures (something that promised to help optimise them)

  o   Slowed their site to a crawl (it was continually trying to back it up)

  o   Completely locked them – and us – out of their site entirely (an overzealous security plugin). Update: this has now happened twice.

Some plugins also carry a nasty payload: plugins can do almost anything, including turn your site into a toxic mess. Ones you install via your site come from a WordPress-run resource that means they should be ok in that regard, but people still make mistakes and one of the basic rules of computing is ‘never be one of the first people on your block to try a new program’ – let other people find out it’s a buggy pile of crap!

So we suggest** that you talk to us before installing any of them, especially if the authors want you to pay for them.

Now that two people have been screwed over by it, we recommend*** that you do not install the plugin ‘Better WP Security’.

It may be a good time to remind people of one of the aspects of the YES support policy: if you mess things up, it may cost you money to have it sorted out. Specifically people who ignore the above recommendation will be charged****.

Update: A rather neat trick means that you won’t be able to install Better WP Security now, even if you try :)

Update2: The same applies to WordFence, a similar ‘security’ plugin which looks just as dangerous if you don’t know the implications of what it does.

* Which obviously isn’t called ‘admin’ – that’s the one 95% of hackers try when looking to break in!

** Remember, this is consultancy speak for ‘Have a very good reason for not doing it this way’ :)

*** .. similarly, this means ‘Do it this way or else!’

**** Told you.

Leave a Reply

Your e-mail address will not be published. Required fields are marked *