Rookie mistakes, conflicts, and malicious code

Rookie WordPress developers often use plugins for every little addition to a website – even when there’s a very easy way to do what they want without a plugin!

There are several potential problems with this approach:

  1. Too many plugins can slow down your site
  2. Plugins can sometimes conflict with one another, causing the desired function – and sometimes the entire site – to not work
  3. Some plugins may contain intentionally malicious code

We recently ran into the third problem. Two plugins in use in a number of the many sites we monitor and maintain were found to have malicious code.

A new developer bought and took over work on at least two existing plugins (so far) and added code which was found to hijack certain aspects of the site. The plugins were slipped into the WordPress plugin repository and went unnoticed until a particularly OCD developer checked the code before using it, found the problem, and reported it.

The current versions of these plugins are verified as clean, but development on them will probably be discontinued. I’ll be contacting you directly about alternatives if you were affected.

New WordPress feature: Log in with Username, Email, or both

Since your email address can often be found ‘in the wild’ and your user name can be any dang (hard to guess) thing you want it to be, we strongly suggest that you use the User Name option. We’ll be setting everyone’s login to ‘User Name only’ unless I hear otherwise from you.
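One way to enforce a 'User Name only' login in code is sketched below. This is an added example, not code from this post, and it assumes a must-use plugin file (the name `username-only-login.php` is hypothetical) and WordPress core's standard `authenticate`, `gettext` and `login_errors` filters.

```php
<?php
/**
 * Plugin Name: Username-only login (added example)
 *
 * Assumed location: wp-content/mu-plugins/username-only-login.php
 * (hypothetical file name). Must-use plugins cannot be switched off
 * from the dashboard, so the setting cannot be undone by accident.
 */

// Core hooks two handlers onto the 'authenticate' filter at priority 20:
// wp_authenticate_username_password and wp_authenticate_email_password.
// Removing the second leaves username + password as the only accepted pair.
remove_filter( 'authenticate', 'wp_authenticate_email_password', 20 );

// Relabel the login field so the form no longer invites an email address.
// The label text is the one used by current core releases; older versions
// may word it differently, in which case this filter simply does nothing.
add_filter(
	'gettext',
	function ( $translation, $text, $domain ) {
		if ( 'default' === $domain && 'Username or Email Address' === $text ) {
			return 'Username';
		}
		return $translation;
	},
	10,
	3
);

// A hard-to-guess username only helps if the login form does not confirm
// guesses. Core's default messages distinguish "unknown username" from
// "wrong password"; return one generic message for every login error.
// Note that this also replaces other login-screen error messages.
add_filter(
	'login_errors',
	function () {
		return 'The username or password is incorrect.';
	}
);
```

A username that is itself an email address still works with this in place, because it is matched as a username rather than looked up by account email.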