Choosing Plugins Wisely: Protect your WordPress site against hacking through plugins

1. Download plugins only from reputable sources. For free plugins, this means WordPress.org only! Since anyone can create a WordPress plugin, hackers can exploit this vulnerability to hide their own nefarious plugin. The WordPress.org plugin library will only offer plugins that are known to be safe.  Other software sources that offer paid plugins such as CodeCanyon.com are generally safe.  Be sure that the plugin you are purchasing has reviews or ratings.
2. Ensure all your plugins are up to date. Any time you see the option to update your software, do it!  New version releases often contain security fixes that will protect you from malware, and old, outdated plugins can become gateways for hackers to gain access to your website.
3. Remove any unused plugins.  Unused plugins tend to take up space on your server, slow down your site, and become vulnerable to hacking if they become out of date.
4. Check plugin performance.  We recommend the plugin P3 (Plugin Performance Profiler) that scans your current plugins to determine if any of them are causing system-wide issues such as bandwidth hogging, slowing your site or clashing with system files.  Keeping your site running smoothly has a great impact on your site’s SEO.
Keep these basic rules of thumb in mind while maintaining your website and you should have a healthy site!