What WordPress Doesn't Tell You
WordPress plugins make blogging life easier. The only issue is that WordPress doesn't notify users if a particular plugin no longer works or has been removed from the WordPress directory for virus-related reasons. This means that you could be running a WordPress plugin that might be a hazard.
What's the best way to tell if a plugin you're using is troublesome? Why, with another plugin, of course! This morning I came across a WordPress plugin called ‘No Longer In Directory.' As you might have guessed, this plugin will let you know which of your plugins are no longer available for safety reasons.
Using the ‘No Longer In Directory' Plugin
The one drawback to this plugin is that it's entirely manual. So, you will have to set up the plugin on your own, and you can't let it run in the background without a concern in the world. Go to the plugin's settings page, and set up the plugin as you see fit. Then, search through all of your existing plugins to find out if one is particularly troublesome.
Note: WordPress does not remove plugins unless they are a safety risk, for the most part.
Why Plugins Are Removed From the Registry
As mentioned, WordPress removes plugins that are harmful. Some more specific reasons why plugins may be removed from the WordPress directly include:
- Guilty by association: if other plugins created by the same author are found to be problematic, WordPress will get rid of all plugins that were created.
- Author Request: the developer behind the plugin asked to have the plugin removed permanently.
- Broken rules: a plugin breaks WordPress directory rules, so WordPress shuts down the plugin for good.
- Harmful: a plugin has been found to be particularly harmful, so WordPress has removed it completely.
In short, if WordPress has removed a plugin from the directory page, there's a really good reason why that plugin no longer exists. So, it pays to go through the plugins that you currently use to see if one or a few are no longer working within your best interest.
Another Notification Issue
In addition to not notifying users if a plugin has been removed from the WordPress directory, WordPress will also not let you know if you are downloading an infected plugin. How can this happen? When you're asked to update a plugin through your WordPress dashboard, it's for a good reason.
If you neglect to update that plugin, you could be setting yourself up for disaster, but WordPress will not let you know. Instead of warning users: ‘DOWNLOAD THIS UPDATE – OLDER PLUGIN IS INFECTED!' WordPress simply tells you to update the plugin. That's simply not good enough because most people think that an update isn't really necessary.
What WordPress Doesn't Tell You: The Moral of the Story
- First, update all plugins when prompted (it only takes a few minutes!).
- Second, make sure that the plugins you are using are still available through the WordPress directory. You can do this by using the plugin listed above.
- Third, always research the plugins you are going to use. If there are problems with the plugin you want to use, skip it.