May 3, 2018 by Paul G. | Ask Paulie Anything

Are inactive WordPress plugins a security risk? – Ask Paulie Anything, Episode 4


The question of inactive WordPress plugins is one that comes up a lot. Is it a security issue to retain inactive WordPress plugins on your site? Is this a problem? Should you keep them or remove them? You’ll discover the full answer to this question and more in the video.

In Episode 4 of Ask Paulie Anything, I’m going to answer a question that was sent to me on Facebook. It highlighted a good example of a misunderstanding that some people might have about WordPress plugins and security.

Are Inactive WordPress Plugins A Security Risk?

The question was:

Is having all plugins installed on my website but not being activated leaving me open to security risks?

Someone immediately replied “Yes” – one word and that was it.

0:27 – Why That Was Not A Great Answer

One thing we have to understand is that plugins on your website are code and that code could be good, bad or ugly. They could have security risks or they might not.

If a plugin is not active, its code is not going to be instantiated and is not going to run when WordPress loads normally, but it’s still code and it’s still on your website.

So, if the plugin itself has a security risk, that security risk, at least in principle, is on your website. It might not be normally loaded with WordPress, it might not have any security risks but it’s still there.

1:22 – Why Are Inactive Plugins A Problem?

It’s not a problem, but do you know what security risks it has or doesn’t have?

So, why keep it on your website?

If a plugin is not active on your website, don’t keep it on your website.

Installing plugins on WordPress is easy: you click “search” and you install it.

Keeping the plugin also means there’s another plugin you need to keep updated.

So, if you like more work, or if you like to run the risk, by all means, keep inactive plugins on your website.

Bottom line: Remove any plugins on your website that you don’t need. Just get rid of them.
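
To see how much inactive plugin code is still sitting on a site, here is an added example (not from the video or from Shield) that compares the plugin directory with a list of active plugin slugs and reports each inactive plugin with the number of PHP files it leaves on disk. It assumes the active list was produced with WP-CLI's `wp plugin list --status=active --field=name`; the function names and the sample site (including the `old-slider` plugin) are constructed for illustration.

```shell
#!/bin/sh
# Added example: list plugins that are on disk but not in the active list.
# Usage: inactive_plugins PLUGINS_DIR ACTIVE_LIST_FILE
# ACTIVE_LIST_FILE: one active slug per line (assumption: saved output of
# `wp plugin list --status=active --field=name`).
inactive_plugins() {
    plugins_dir=$1
    active_list=$2
    for entry in "$plugins_dir"/*; do
        [ -e "$entry" ] || continue
        name=$(basename "$entry")
        if [ -d "$entry" ]; then
            slug=$name
            # Every PHP file here is still on the server even though
            # WordPress never loads the plugin.
            php_count=$(find "$entry" -type f -name '*.php' | wc -l | tr -d ' ')
        else
            case $name in
                index.php) continue ;;                 # WordPress placeholder file
                *.php) slug=${name%.php}; php_count=1 ;;  # single-file plugin
                *) continue ;;
            esac
        fi
        # Exact, whole-line match against the active slugs.
        if ! grep -qxF -- "$slug" "$active_list"; then
            printf '%s\t%s\n' "$slug" "$php_count"
        fi
    done
}

# Constructed sample site: one active plugin, two inactive ones.
make_sample_site() {
    root=$(mktemp -d)
    mkdir -p "$root/plugins/akismet" "$root/plugins/old-slider/inc"
    : > "$root/plugins/akismet/akismet.php"
    : > "$root/plugins/old-slider/old-slider.php"
    : > "$root/plugins/old-slider/inc/upload.php"
    : > "$root/plugins/hello.php"
    : > "$root/plugins/index.php"
    printf 'akismet\n' > "$root/active.txt"
    printf '%s\n' "$root"
}

sample=$(make_sample_site)
inactive_plugins "$sample/plugins" "$sample/active.txt"
rm -rf "$sample"
```

On a real site, point the function at `wp-content/plugins`; each slug it prints is a candidate for `wp plugin delete <slug>` or for removal from the Plugins screen.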

2:03 – Not All Answers To Your Questions Are Correct Answers

I’m going to use this opportunity to highlight something important as well.

When you’re on the internet and you ask a question and someone responds to you with an answer like “Yes, inactive plugins represent a security risk”, it doesn’t mean that it’s correct, it doesn’t mean that’s an accurate answer.

On the internet, anybody can say “Yes”, anybody can say “No” and most people think that what they know is correct.

That’s OK, but what I want you to understand is when you put a question out there for everyone to read, then anyone can answer and that includes people who don’t fully understand the situation.

Maybe he is right when he says “Yes”. If that code can get executed and that code has security risks associated with it… then he is right. But, most of the time the answer is wrong. It’s not an open security risk. You have an inactive plugin there but we don’t know what that plugin is and we don’t know if that plugin itself has security risks.

So, bottom line again: Don’t necessarily trust that every answer on the internet is complete and wholly accurate.

I hope that this was useful.

Thank You! Comments, Questions?

If you have any feedback or comments you want to make, please feel free to leave them in the video. Or, if there’s something you’ve always wanted to know about WordPress but never knew who to ask, use the link below.

Ask Your Own Question Here.

As always, if you’re watching this video on YouTube, click to subscribe or, if you use Facebook, click to “Like” or share it – whatever you want to do. 🙂


Comments (1)

    “Ask Paulie anything” is really a great idea! Thanks for helping us out on the complicated technical stuff Paul.
    Much appreciated.
