What is the Impact of WordPress Plugins 

What is the real impact of using plugins to enhance WordPress performance?

The WordPress Plugin library offers an endless depth of enchantments for your WordPress site.  You name it РI am sure there is a plugin or two that can handle your need. It is important to remember that WordPress plugins are developed by Third-party developers (and not the WordPress team). Plugins do adhere to guidelines to help ensure that plugins remain secure and safe for users.

The importance of site speed

Other than the obvious – that people do not like using a slow website.

A slow loading website creates a bad user experience.
And is more prone to errors.

And you do have Google monitoring your site speed while determining your site ranking. Slow websites rank lower than fast loading website.

With each plugin installed there is an exchange.

Site Speed

Plugins can slow down the loading speed of your WordPress website.

 

Security

Hackers use plugin vulnerabilities to access your website.

How do plugins impact your website speed?

WordPress PageSpeed Without Plugins Installed

Mobile 98 / Desktop 100

WordPress PageSpeed With 3 Plugins Installed

Mobile 68 / Desktop 79 / Grade F

PageSpeed

Mobile 80 / 75 / 84 / 81

Desktop 88 / 87 / 93 / 90

Grade E / F / B / C

PageSpeed

Mobile 80 / 91 / 80

Desktop 95 / 87 / 86

Grade B / D / B

PageSpeed
(Not Connected)

Mobile 99 / 96 / 99

Desktop 96 / 93 / 95

Grade B / B / B

PageSpeed (Connected)

Mobile 89 / 9o / 97

Desktop 91 / 89

Grade D / A 

The importance of site security

No one wants to interact with your hacked website. End of Story. 

Once your site is hacked – you have no idea to what may be happening to your site, your content, or your end user.

You can only clean up the mess and hope for the best. With the best outcome being that the hack was small and impacted as few users as possible. 

Infections Comparison

WordPress is the most popular CMS to be infected.

2020 = ??%

2019 = 94%

2018 = 90%

2017 = 83%

Plugins that have been hacked

Discount Rules for WooCommence

  • SQL injection
  • Authorization Issues.
  • Unauthenticated stored cross-site scripting.

For more information:

 

WP Product Review

  • Unauthenticated stored cross-site scripting.

For more information:

 

File Manager

  • Upload Webshells hidden in an image.¬†

For more information:

 

Google Sitekit

  • Hack

For more information:

 

What Changes are Hackers Making to Your Website

Redirect Administrator

Locking Admin Out of the Site.

Create New Admin Accounts

Hacker can take over your site.

Inject Backdoors

The most popular hack.
The Inject Backdoor provides the hacker access even after webmaster changes passwords or patched vulnerable software.

Malware 

Malware can reverse security
(WordPress Malware Disables Security Plugins to Avoid Detection).

SQL injection

Hacker interfere with the queries that an application makes to the database.
Can gain access to passwords, credit card information.
Compromise the underlying server and back-end infrastructure.

Unauthenticated Stored Cross-site Scripting.

Type if injection in which malicious scripts are injected into your website.
Can circumvent origin policy that segregate websites.

Web Shells

Malicious script that is the second step of an attack to maintain persistent access on an already compromised web application.

The Seven Most Popular Attacks