By Andrea Rowland, GoDaddy

Plugins for websites built on platforms like WordPress® are wonderful … until they’re not.

Plugins can make your small business website stand out from the competition in terms of customization, speed, and integration with other systems — like social media networks. Plugins such as WordPress SEO by Yoast can help people find your site. You can monetize it with plugins like Ads Elite for Joomla!®. Separately or in bundles such as Jetpack for WordPress, they can take a so-so site to stellar status by improving its appearance, functionality and performance.

Plugins also can compromise your website if they’re not secure.

“While plugins and extensions provide useful features, it’s important to keep your website’s security in mind if you consider using these tools. A single security vulnerability in a plugin or extension can lead to the compromise of a fully patched application,” Kurt Payne, a seasoned developer over at GoDaddy, notes in “Zip it up: Security tips for plugins, themes and extensions.”

To keep your website safe while enjoying the myriad benefits of plugins, Kurt suggests four basic plugin security tips:

  1. Delete unused plugins. If you don’t have that code on your website, hackers can exploit it. Learn more about deleting plugins here.
  2. Be careful about where you get your plugins. Unless you get your plugins from a trusted source, you’re in danger of installing a plugin that contains malware. Malware is a type of malicious code that includes viruses and spyware, which can cause problems ranging from unwanted pop-up ads to the theft of passwords and other sensitive information.
  3. Use strong passwords. You hear this all the time, but really, this is where online security starts. “There are large, automated password guessing swarms of computers out there trying to break into WordPress sites, so keep your password hard to guess,” Kurt stresses. Here’s a helpful resource for generating strong passwords.
  4. Keep your plugins up to date. Kurt recommends a handful of resources to help you keep track of and manage necessary plugin updates, including:
  • WP Updates Notifier – This plugin monitors your WordPress installation for needed updates and alerts you via email.
  • ManageWP – If you’ve got more than a couple WordPress sites, this dashboard enables you to more easily manage and update them at once.
  • InfiniteWP – Another single admin panel to manage multiple WordPress sites.

Pro tip: Kurt even developed a plugin, the P3 (Plugin Performance Profiler), to help you target WordPress plugins that are causing site slowness.

Be sure to read the full post to get all of Kurt’s helpful hints for keeping your website’s plugins, themes and extensions secure.

About the Author:

A former small business owner and newspaper journalist, and a published nonfiction author, Andrea Rowland helps craft compelling communications for today’s go-getters through her work as a copy editor at GoDaddy. Connect with Andrea on Google+. The world’s largest domain name registrar and Web hosting provider, GoDaddy gives small business owners the tools to name their idea, build a beautiful online presence, attract customers and manage their business. To get more tips for your small business—including articles, videos and webinars—check out the GoDaddy Training Hub.

4 Security Tips for Website Plugins