Outdated WordPress Plugins- Are They Safe? Don’t Put Your Business at Risk!


WordPress users often ask: Are outdated plugins safe to use on a WordPress site?

“Can I install this plugin, it’s outdated?

Will it harm my website? Should I use another plugin?”

Uff! I am sure they had many a sleepless night worrying over this potential harm to their website.

Well no more!

I can’t stand it any longer (because I am starting to lose sleep over it).

So here’s an article that explains when you can, and when you shouldn’t, use out-of-date plugins.

And as a bonus, you will also learn how to contribute to the WordPress community by labeling a plugin safe/broken.

Let’s go!

How Can WordPress Tell When the Plugin is Outdated?


WordPress’s plugin repository is the number one source of free plugins on the web.

Authors there have access to a huge market of plugin-hungry users and a perfect chance to show off their coding knowledge.

By offering pure value (remember- the plugins are free), they hope to also snatch a few paying customers in the process.

This piece of info tells you everything you need to know. Every plugin author wants their work to be immensely popular and have as many free downloads as possible.

However, this rarely happens.

More often than not, a newly released plugin will fail miserably. This leaves the author with no good reason to:

  • work on it;
  • improve upon it;
  • update it (creator’s pride doesn’t count- this is business).

The usual consequence of this is “plugin not tested with the newest version of WordPress”.

Outdated plugin warning in WordPress

Why Does This Happen Exactly?

When first submitting the plugin, authors must also submit documentation on it.

And within those files, there is a “Tested up to” tag, which shows whether the plugin is keeping pace with the newest releases of WordPress.

And here things diverge completely.

With paid plugins- the tag is always updated (can you guess why?).

With free plugins- it is often not:

Why?

It’s usually because the author:

Remember;

Free plugins are just that- free.

Authors don’t really have that big of an incentive to update the tag even when they do update the plugin.

That is why the most popular plugins like All in One SEO, Yoast SEO, Max Buttons, W3 Total Cache are all updated (and all showing it proudly too).

They have enough paying users.

Here, my favorite button creator, MaxButtons, demands to be updated:

Plugins asks to be updated to newest version

As you can guess, there’s a paid version of this plugin which, by the way, was downloaded more than 100 000 times (not bad, free MaxButtons).

How Can I Tell For Sure Whether a Plugin is REALLY Abandoned?


You can’t.

But you can take an educated guess. Any plugin last updated two or more years ago should be avoided.

The truth is:

Most would work just fine, but performance is not what I’m talking about.

This is about your site’s security.

As WordPress moves to more and more secure versions, plugins that lag behind become vulnerable to hacking attempts.

In fact, two of the most common routes of attack are through:

  • Plugins that are installed, but deactivated
  • Plugins that are outdated

A short but illustrative story


Imagine you found a forgotten pail filled with milk two years of age.

The milk inside is whiter than cheese, smoother than silk (no clumps), with the smell that reminds you of the fondest days of your childhood.

Ah, those were the days!

You were worry-free; you were running about in the fields;

Oftentimes you got tired and you ALWAYS ran back to the house to get a cup of steaming hot milk, fresh from the cow’s belly.

pail of fresh milk= updated wordpress plugin
This batch of milk is fresh. It comes adorned with beautiful flowers, like a blushing, soft-skinned young maiden

Yes, I am reminiscing, but I think YOU, the reader, have similar sweet childhood memories and can understand the point of my story.

And that point is:

Two years turn the sweet into sour;

Your website is crucial to you– it’s your business.  Be responsible and don’t confuse looking fresh for being fresh.

I know you’re smarter than that.

Can I Install “Not Tested” Plugins?


I can’t tell you what to do; but I can say that, in most cases, you CAN install them.

Here is what I recommend:

Scenario one:

WordPress’s market for plugin developers is huge and there’s no shortage of healthy competition. Snoop around and see if there is a plugin that does the same job AND is updated.

Chances are you could find an even better plugin.

For example:

I always wanted to have content tables at the beginning of my pages and posts, especially longer ones.

But when I researched online using Jaaxy, I noticed they all recommend “Table of Contents Plus”, which I’m sure was an excellent plugin, but now it’s long outdated.

So I researched further and found another one, less known, but superb, called “Easy Table of Contents”.

That’s the one I’m using to this day.

Scenario two:

If there isn’t one, then install the outdated one. It is probable that only the tag isn’t updated.

If it works, great! No worries there.

Pro tip. Go to the plugin’s page and see what others are saying about it. You are likely not the first with this dilemma.

Scenario three:

If the plugin was last updated 2+ years ago- don’t touch it! Save yourself a headache.

I already talked about site security so I won’t say much here, but…

If your site gets hacked, you will get blacklisted in Google. Then you’ll have to restore a backup and lose a lot of recent work.

Moreover, if the problem is more serious, you’ll need to hire someone to help you and that is:

  • More money spent
  • More affiliate commissions lost 
  • More time lost
  • More nerves wrecked

Trust me, no plugin is worth your inner peace.

My site is not hacked
 This is what you want to see- don’t risk it!

And What About Deactivated Plugins? Can I at Least Keep Them?


Now:

I know what you’re thinking.

“I have this plugin on my dashboard, lying around, chilling, doing nothing in particular. I don’t use it, but I might someday. I think I’ll keep it.”

Should you?

I say uninstall. Remove completely.

It seems counter-intuitive and hard to believe, but plugins that are installed and deactivated still burden your site.

First, they slow it down.

Just by deleting what you don’t use you can improve your site’s speed and UX, and it is the easiest path to a faster website (the other way is image optimization- very tedious when done manually).

  • The other way to quickly improve UX- http://nikolaroza.com/reading-progress-bar-wordpress/

Second, these plugins are a potential hazard to your site’s health.

Once again hackers can gain access to it through a plugin you don’t use.

This happens when the plugin is badly coded or when the plugin has to be updated and you fail to do it in time.
Trust me, even if you’re just a day too late- it can happen and will be catastrophic.

This happens quite often.

I think it’s because people subconsciously erase it from their mind. “Hey, I am not using it, why should I bother?”

Think about this:

You’re also not using your appendix, but still wouldn’t want to catch appendicitis.

Don’t get sloppy, and don’t slip on a banana skin, especially when, and I know you understand this;

You saw it lying on the ground:)
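
The rules of thumb above (the “Tested up to” tag, the two-year cut-off, removing deactivated plugins), written out as a small audit script. This is an added example, not part of the original article; the plugin names, dates and readme snippets are constructed, and comparing versions on major.minor only is an assumption of the example.

```python
import re
from datetime import date

# Header fields sit at the top of a plugin's readme.txt, e.g. "Tested up to: 6.4".
HEADER = re.compile(
    r"^\s*(Tested up to|Requires at least|Stable tag)\s*:\s*(\S+)", re.I | re.M)

def readme_headers(text):
    """Return the header fields found in a readme.txt, keyed in lower case."""
    return {key.lower(): value for key, value in HEADER.findall(text)}

def major_minor(version):
    """'6.4.2' -> (6, 4). Comparing on major.minor only is this example's assumption."""
    nums = [int(n) for n in re.findall(r"\d+", version)[:2]]
    return tuple(nums + [0] * (2 - len(nums)))

def triage(readme, last_updated, active, wp_version, today, max_age_days=730):
    """Classify one installed plugin using the article's rules of thumb."""
    if not active:
        return "remove"   # installed but deactivated: uninstall completely
    if (today - last_updated).days >= max_age_days:
        return "avoid"    # last updated two or more years ago
    tested = readme_headers(readme).get("tested up to")
    if tested is None or major_minor(tested) < major_minor(wp_version):
        return "check"    # maybe only the tag is stale: read reviews, look for alternatives
    return "ok"

# Constructed sample inventory: (name, readme.txt text, last update, active?).
SAMPLE = [
    ("fresh-forms", "=== Fresh Forms ===\nTested up to: 6.4.2\nStable tag: 2.1\n",
     date(2024, 1, 10), True),
    ("stale-tag", "=== Stale Tag ===\nTested up to: 5.9\n", date(2023, 6, 1), True),
    ("old-slider", "=== Old Slider ===\nTested up to: 4.9\n", date(2020, 3, 15), True),
    ("parked-gallery", "=== Parked Gallery ===\nTested up to: 6.4\n",
     date(2024, 1, 5), False),
]

def audit(plugins, wp_version="6.4", today=date(2024, 2, 1)):
    """Map each plugin name to its verdict for the given WordPress version and date."""
    return {name: triage(readme, updated, active, wp_version, today)
            for name, readme, updated, active in plugins}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE).items():
        print(f"{name:15} {verdict}")
```

A “check” verdict corresponds to scenarios one and two above: look for an updated alternative first, and read the plugin’s support page before installing.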

Help a Fellow WordPress’er Out (Yes, I made that word up)


There are things you could do to help weed out broken plugins.

If it works:

  • Return to the plugin’s page
  • Log in to your WordPress account
  • Go to the compatibility page
  • Select your version of WordPress and plugin and mark it as working
  • Optional: send a message to the author to update the tag

If it doesn’t work:

  • Try it on two different sites to reproduce the same error
  • Report the error on the support thread
  • Wait for the answer from the community or the author
  • If there is no response after a few weeks, mark it as broken and move on

Conclusion- Are outdated WordPress plugins safe?


Plugins are important, your site is crucial.

As a responsible webmaster never lose sight of the end goal for you:

  • User satisfaction
  • Earning commissions- if affiliate marketing is your cup of tea (hint: check out Wealthy Affiliate)
  • Having a successful website as an anchor of your whole life’s success.

Thank you for reading.

Please share if you liked it.

Also, I want to hear your say on this. Do you have something to add?

Something to ask?

A story to share?

If yes, do it in the comment area below, thank you.

I think you are awesome,

and I, Nikola, am signing out

Nikola Roza

Nikola Roza is a blogger behind Nikola Roza- SEO for the Poor and Determined. He writes for bloggers who don't have huge marketing budget but still want to succeed. Nikola is passionate about precious metals IRAs and how to invest in gold and silver for a safer financial future. Learn about Nikola here.

14 thoughts on “Outdated WordPress Plugins- Are They Safe? Don’t Put Your Business at Risk!”

  1. Hey Nikola,

    I continuously go through articles like this and learn about how to secure and speed up my blog because, even if I set everything up by myself, I know nothing about WordPress. I do not know how to write a single line of code.

    So, you guys are the only help I got.

    Thank you very much for these very important tips.

    I hope you’ll write more like this.

    • Thank you Nirodha,
      I too can’t write code for the life of me.
      That’s why I love WordPress; plugins for everything and I can focus on growing my business, instead of learning code.

      The key is to be picky with plugins you use, lest it comes back to bite you in the arse.

  2. Nikola:

    Nice read and great explanation for keeping plugins up-to-date for a smooth-running site.

    You’re right, if you care about your site’s operations and especially UX—not to mention security—it’s good to pay attention and this post tells you exactly what to do to stay on track so, thank you! I’m always checking out plug-ins and always find surprises for things I want to do, but then the worry starts… lol I definitely don’t want to mess up my sites! Thanks for the great plugin tips. Best—Sue-Ann

    • Hi Sue-Ann,
      I think there’s a fine balance between using plugins to enhance your site; and using so many of them that it actually becomes a problem in the plugins maintenance departments.
      It’s the woe of us WordPress users:)

  3. Good advice,
    it is good to pay attention to older plugins. I had trouble with some of them and realized I can do without them and deleted them. At the same time I also deleted all inactive plugins; I heard they make the site slow.
    I think we always can find some if needed when we do research.
    Better to be careful.
    Thank you for this article, good to remember to take a look at our sites.

    • Hi Erika, thanks for your comment.
      You’re right, it is better to be extra careful than to regret it later. As for plugins, as much as I love using them, the truth is that I, or we bloggers, don’t need most of them to have beautiful and profitable websites.
      It’s all in our head that we must have the newest and greatest.

  4. These days when so many of the plugins are vulnerable, using an outdated plugin could be a sin.

    I never use a plugin, without trying it on my locals and some tests.

    A poorly coded plugin can destroy the whole site, similarly an outdated plugin can invite so many threats.

    No one should take that risk at all. After all it takes a lot to stand strong and build an online empire.

    Awesome one Nikola! Have a great day!

    • Great comment Navin,
      you’re right. It’s dangerous to endanger a whole site just because of a plugin.
      It’s irresponsible too.

  5. Hey Nikola!

    Great advice here. Not enough people take security seriously until it’s too late – then they wish they would have thought about it a bit more.

    I still remember the first time I had an issue, it was on my very first blog about 9 years ago. I’m still not sure how the hacker got in, but I woke up one day to see that my entire site had been defaced. It very well could have been through an outdated plugin as I didn’t know they were so exploitable way back then.

    Then again, I was hacked a number of times after that as well, so who knows.

    These days, I always make regular backups of everything just in case something happens again. Regardless of how good your security setup is, I think this is really important and it’s saved me a few times now.

    Anyway, great message!
    – James McAllister

    • Hi James,
      thanks for sharing your story. I’m glad to hear it was not a horror story of you losing your site because of some outdated plugin.
      Anyway, you can never be too careful and there are dangers aplenty in the internet Wild West.

  6. Hi Nikola,
    I make it a point to update all my plugins whenever there is an updated version. And even though I have not had a problem with the out-dated ones, I believe there is a risk attached to it, which is why the WordPress users are always advised to update their plugins and delete or remove those that are outdated. And going with the insights and recommendation you provided here, I would say we are safe.
    Thank you so much for sharing!

    • Hey Moss,
      updating plugins and ditching those that can’t be is an excellent strategy on your part. Because no one’s site is hacked-until it gets hacked.
      And when it does happen, then it’s not the time to be angry at the plugin, but at yourself for doing poor maintenance.
      Thanks for commenting bro:)

  7. Hi Nikola, Thanks for the advice about removing the ones you don’t use now but think you might use in the future. I almost lost my site once due to plugins. The health and age of your plugins is so important! I’ll be sharing this one. I will also be checking mine out as I haven’t looked at the last updates in a while though I update daily when I see they need it. 🙂

    • Hey Lisa,
      yeah, plugins are the biggest blessing of a WordPress site; but can turn into a terrible curse if we’re not extra careful. And the problem is multiplied by the number of plugins you have.
      You can never be too careful with your precious site…
      Thanks for stopping by, Lisa:)
