Rookie WordPress developers often use plugins for every little addition to a website – even when there’s a very easy way to do what they want without a plugin!
There are several potential problems with this approach:
- Too many plugins can slow down your site
- Plugins can sometimes conflict with one another, causing the desired function – and sometimes the entire site – to stop working
- Some plugins may contain intentionally malicious code
We recently ran into the third problem. Two plugins in use on a number of the many sites we monitor and maintain were found to contain malicious code.
A new developer bought and took over work on at least two existing plugins (so far) and added code that was found to hijack certain aspects of the site. The plugins were slipped into the WordPress plugin repository and went unnoticed until a particularly OCD developer checked the code before using it, found the problem, and reported it.
The current versions of these plugins are verified as clean, but development on them will probably be discontinued. I’ll be contacting you directly about alternatives if you were affected.