2.5 Secure Your Themes and Plugins

Hello everyone, I am Reggie Dawson. Welcome to the WordPress Security Tips course for Touch Plus. Another way that intruders can break into your WordPress site is through the plugins and themes that you install. This is code that you are actually installing into WordPress, so you have to be careful. The best practice is only to install plugins and themes from reputable sources. For the most part, I install any plugins from the WordPress plugin registry. Anytime I've used third party plugins and themes, I made sure I did research before installing anything. It is also a good idea to limit the amount of plugins you install. Even though the functionality you may need may be in a plugin, think about the possible problems it can introduce. Coming from a background working with hardware, you would not believe how many times I've seen software incompatibilities cause errors. This is no different with WordPress and it is never a good idea to introduce untested software into a production system. Before installing a plugin, check it out in the WordPress Plugin Registry. Make sure you look at the installation instructions. Then definitely check out the reviews and see what the users say about the functionality of the plugin. Also take note of the active installs. The more installs, the better the chance it's not a buggy plugin. Use your judgement and remember to install a plugin when it has the features you must have and not those you just want. Of course it is also a good idea to keep our plugins up to date the same way we would with our WordPress installation. If we look at the Plugins menu, the small badge next to it indicates how many plugins have updates available. Again, this is a local testing version of WordPress I haven't used in a while, so a lot of updates are pending. If I click on the Update Available link, I can see all of the plugins with updates. I can select them all by clicking the top check box. After that I can use the bulk actions to update them all at once. It is also a good idea to keep all of your themes up to date as well. Going into the Themes menu will display all of your installed themes. If there is an update available, it will appear in the window for the theme. You should also delete any unused theme that you never have any intention to use. This is because you probably won't update this unused theme, which could leave it vulnerable to some future exploit. For the most part, you should only install themes if you intend to use them. Now for an added sense of security we can use the Theme Authenticity Checker. This plugin will examine your themes to make sure no malicious code has been included. Once we install it another menu will appear under Appearance that says TAC. If we click on this we see the results of the scan of our themes. As you can see here all of my themes are okay. Now this is in no way a foolproof plugin, but it can give you some peace of mind that your theme has not been tampered with. Now these are some of the things that you can do with your themes and plugins to help secure your WordPress site. In the next video, we will take a look at the full featured security plugin, WordFence.