If you’re thinking of developing a WordPress website, and you’ve heard rumours that WordPress plugins are unsafe, those unsafe plugins are only unsafe if they’ve been abandoned by the plugin author.
You should only install WordPress plugins that have been updated in the last 3 months.
If you’re self-hosting WordPress, you may be concerned whether your plugins are safe.
You should only use WordPress plugins that are still maintained by the plugin author.
A quick way to check whether your plugins have been abandoned by their plugin author is to install the excellent Wordfence security plugin, and run a Wordfence Scan.
Related: How to Secure your WordPress website (instructions on how to install & configure Wordfence).
The Wordfence Scan will reveal any vulnerabilities faced by your WordPress website, as well as any plugins or themes which have been abandoned by their author. If you find such abandoned plugins or themes, you should find an alternative that has been updated in the last 3 months @ the WordPress plugins directory or themes directory or CodeCanyon, a commercial plugin & theme marketplace.What WordPress plugins do I need?