Attack of the Plugins

17 July

Free, open source software is tremendously beneficial to a wide variety of businesses and websites. Not only is the price right, but because it is open source, there are scores of people working on the programs. You can easily find support, answers to your questions, and, of course, free plugins to create a more user-friendly, convenient, and efficient experience for you and your visitors. But when you use a free content management system, like WordPress, Joomla, or Drupal, there are risks. What do you do when plugins attack?

Hackers like open source software and CMSs as much as businesses do. It is easy for them to gather data and visitor information via a plugin or add-on. When you register to get a plugin, you are giving that developer access to personal information, including login information. Even if the plugin itself isn’t dangerous, that is a lot of data to give out, especially if you use that login in multiple places. If the plugin is, in fact, malicious, you may not realize it, especially if it is well-designed, until your information or that of your readers has been compromised.

But you can’t stop using plugins. They do add usability and customization that may be crucial to your site. It is important, though, to do your homework before you download a plugin. What should you look for?

  • A reputable developer. Are they well-known? Are their plugins frequently used?
  • Are there any known vulnerabilities or malicious behavior associated with this plugin or developer?
  • Make sure you are running the latest version of your CMS.
  • Secure your site by adjusting your file permission settings.
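
As an added example (not part of the original article), the file-permission item in the checklist above can be checked with a small shell function like this one. The function names, the `site-config.php` file name and the directory layout are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: permission audit for a CMS tree. The config file name and
# directory layout are assumptions for illustration, not from the article.

# audit_cms_perms ROOT [CONFIG_NAME]
# Prints one finding per line as "<issue> <mode> <path>":
#   world-writable-file  any local user can modify the file
#   world-writable-dir   any local user can add files to the directory
#   world-readable-conf  config file (often holds credentials) readable by all
audit_cms_perms() {
    local root=$1 conf=${2:-}
    # Portable mode lookup: GNU stat takes -c, BSD/macOS stat takes -f.
    _mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }
    _report() {  # $1 = issue label; paths arrive on stdin
        sort | while IFS= read -r p; do
            printf '%s %s %s\n' "$1" "$(_mode "$p")" "$p"
        done
    }
    # -perm -0002 matches entries whose "other" write bit is set.
    find "$root" -type f -perm -0002 -print | _report world-writable-file
    find "$root" -type d -perm -0002 -print | _report world-writable-dir
    if [ -n "$conf" ]; then
        # -perm -0004 matches entries readable by "other".
        find "$root" -type f -name "$conf" -perm -0004 -print |
            _report world-readable-conf
    fi
}

# Demo on a constructed tree built in a temporary directory (sample data).
demo_audit() {
    local t; t=$(mktemp -d)
    mkdir -p "$t/plugins/gallery" "$t/uploads"
    : > "$t/index.php";             chmod 644 "$t/index.php"
    : > "$t/site-config.php";       chmod 644 "$t/site-config.php"
    : > "$t/plugins/gallery/a.php"; chmod 666 "$t/plugins/gallery/a.php"
    chmod 755 "$t/plugins" "$t/plugins/gallery"
    chmod 777 "$t/uploads"
    audit_cms_perms "$t" site-config.php | sed "s|$t|<root>|"
    rm -rf "$t"
}

demo_audit
```

Run `audit_cms_perms` against the site root as the account that owns the files; each line of output is a candidate for tightening.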

WordPress, Joomla, Drupal and other open source programs allow your site to compete with the big boys even if you are on a budget. Just remember to exercise caution and be selective about your plugins. Take the few minutes necessary to check up on a specific plugin or developer and always be vigilant about security.
