The dangers of outdated WordPress plugins and themes

WordPress is a great platform for building websites. It is easy to use and has an active community to help you when things go wrong. However, there are some issues with the software itself: many plugins and themes have been abandoned by their developers or are simply no longer maintained. This can lead to security issues and other bugs on your site. And if you do not update them regularly, they could even be used as attack vectors against your website!

Reasons why your plugins and themes are not updated

– No website’s support/care plan implemented;
– Intentionally deferred WordPress upgrades;
– Absence of plugins/themes license keys;
– Plugins/themes don’t have updates (abandoned by their developers).

What does “outdated” mean? There are two main reasons why a plugin might become obsolete: either its developer stops working on it, or he releases new features but no longer maintains his older version.

When you install an outdated plugin or theme, you open yourself up to security risks. In fact, outdated plugins and themes are a common gateway for hackers to gain access to WordPress websites.

In 2014, for example, one of the largest DDoS attacks in history was launched against websites that used an outdated third-party contact form plugin. Although the plugin was eventually removed from the WordPress.org repository, many websites were still vulnerable to attack, and many websites remain vulnerable today. The increase in malicious links targeting outdated plugins is a terrible problem.

But it’s not the only problem. With the constant release of new WordPress versions, updating plugins has become extremely important.

Top 4 reasons why you should keep your plugins up to date

Outdated WordPress plugins can do damage to your website. Ignoring your WordPress update notifications may be one of the easiest things to do, but it’s also probably the most damaging. Here is why: inconsistent updates can lead to serious security issues, compatibility problems, and land you in technical debt.

Reason #1: Updates prevent security vulnerabilities and increase the overall security of your site. When a new version of WordPress comes out, it automatically fixes any security vulnerabilities that have been discovered since the last version. This means you do not have to worry about manually applying patches. As long as you keep up to date with the latest WordPress versions, you’ll always be protected from known bugs and security vulnerabilities.

Reason #2: Updates make your plugins more reliable. Over the years, we have noticed a pattern with many WordPress plugins: they work fine at first, and then they stop working altogether.

Reason #3: Updating your plugins makes them better at what they do. In other words: your plugins will work better over time. When you install an update, the new version of the plugin automatically optimizes code, speeds up operations, and eliminates unnecessary code.

Reason #4: Updating plugins helps them stay compatible with the latest versions of WordPress. You can see the current version of WordPress supported by each plugin on its repository page. If a plugin does not show a version number, it means that the plugin is no longer maintained. In fact, a big part of the WordPress.org project is keeping track of which plugins are still maintained and which are not.

Other risks include website crashes, loss of personal or customer information, website defacement, data loss, and automatic redirects.

How to make sure your old WordPress plugins are secure and compatible

  • Backing up WordPress before upgrading

All-in-One WP Migration is one of WordPress’ most popular plugins for migrations & backups. It’s designed to make the process of moving websites easy for non-techies. It comes with features that help you move your site without tech savvy.

  • Updating Plugins

WordPress recommends that you only update plugins from the WordPress repository. With that in mind, here are some simple steps to help you update your plugins: First, locate the plugin in your WordPress dashboard. Then, click “Update Now.” The updated plugin will then appear in your list of plugins. To make sure the update worked, visit the plugin’s homepage.

  • Updating Themes

Updating a WordPress theme is pretty much the same process as updating a plugin. First, find the theme on your WordPress dashboard. Then click “Update Now”. The update should automatically install. When it’s done installing, the new theme version will appear in your list of themes. To check if the update worked, head over to the Themes page. If the update was successful, you’ll see a green “Update available” box next to the old version of the theme. Click that, and the new theme version will download. Then, activate the new theme.

  • Updating WordPress

Updating the WordPress core is a big deal. That’s because you are updating the entire platform, not just a plugin or a theme. So, before you start, make sure you have backed up WordPress and have another site running on a different server (just in case something goes wrong).

  • Choosing your plugins carefully

When choosing a plugin, always check when it was last updated and find out what kind of customer support is available before you buy. Invest more time in choosing the right plugins!

  • Securing your site

Converting your website to HTTPS is not particularly difficult. It just requires a little extra work. But that’s not enough if you want your site to be as secure as possible. Virusdie can provide you with high quality security protection.

How often do you need to update WordPress core, themes, and plugins?

You can do this daily, weekly, monthly, or once a quarter. The frequency of updating depends on the website, and each website is unique. Using a WordPress management plugin or software such as MainWP.com to do the updates will make them easier and faster.

Just keep in mind that updates are important, and if you do not do them in a timely manner, they can cause you a lot of headaches.

What to do if a WordPress plugin or theme upgrade breaks your site

What to do when you see an error message?

The easiest and often best solution is to find out which plugin is causing the problems and disable it. The error message often contains the path to the plugin that is causing the problems.
In the Dashboard, on the Plugins tab, find the plugin in question and disable it. It is recommended to contact the author of the plugin and ask for help with as detailed a description of the problem as possible (version of the plugin and of WordPress, the theme used, etc.).
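Reading the component out of the error path can be done over a whole log at once. The following is an added example, not part of the original article: the log lines are constructed, the example-… slugs are invented, and it assumes the default wp-content/plugins and wp-content/themes layout.

```python
import re
from collections import Counter

# Constructed lines in the style of a PHP error log; paths and slugs are invented.
SAMPLE_LOG = """\
[12-Mar-2024 09:14:02 UTC] PHP Fatal error:  Uncaught Error: Call to undefined function example_render() in /var/www/html/wp-content/plugins/example-gallery/includes/render.php:48
[12-Mar-2024 09:14:02 UTC] PHP Warning:  Undefined variable $opts in /var/www/html/wp-content/themes/example-theme/functions.php on line 210
[12-Mar-2024 09:14:05 UTC] PHP Fatal error:  Uncaught TypeError: count(): Argument #1 ($value) must be of type Countable|array in /var/www/html/wp-content/plugins/example-gallery/includes/render.php:61
[12-Mar-2024 09:15:11 UTC] PHP Deprecated:  Function example_old() is deprecated in /var/www/html/wp-includes/functions.php on line 5
"""

# The first path segment under wp-content/plugins or wp-content/themes is the
# slug (for a single-file plugin it is the file name itself).
COMPONENT = re.compile(r"wp-content/(plugins|themes)/([^/\s:]+)")
FATAL = re.compile(r"PHP (Fatal|Parse) error")


def rank_suspects(log_text):
    """Return [(kind, slug, fatal_count, other_count)], most fatal errors first.

    Lines whose path is outside plugins/themes are grouped as ("core/other", "-").
    """
    fatal, other = Counter(), Counter()
    for line in log_text.splitlines():
        if "PHP " not in line:
            continue  # skip stack-trace continuation lines and blanks
        hit = COMPONENT.search(line)
        key = (hit.group(1).rstrip("s"), hit.group(2)) if hit else ("core/other", "-")
        (fatal if FATAL.search(line) else other)[key] += 1
    keys = set(fatal) | set(other)
    return sorted(
        ((k[0], k[1], fatal[k], other[k]) for k in keys),
        key=lambda r: (-r[2], -r[3], r[1]),
    )


if __name__ == "__main__":
    for kind, slug, n_fatal, n_other in rank_suspects(SAMPLE_LOG):
        print(f"{kind:10} {slug:20} fatal={n_fatal} other={n_other}")
```

The entry at the top of the list is the first component to disable and report to its author.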

What to do if the error message does not indicate which plugin is causing the problem?

If it is not clear from the error message which plugin is causing the problem, you need to disable all plugins and find the “culprit” through the elimination process. The easiest way is to use Bulk Actions on the plugin page /wp-admin/plugins.php.

1. Click on Plugin at the top of the column to select all plugins at once
2. Under Bulk Actions, select Disable from the drop-down menu
3. Click Apply

After deactivating all plugins, you need to activate the plugins one by one. After each plugin activation, check the front end of your website to see if an error occurs. If you find the culprit of the error (or errors) in this way, do not use it; find a replacement and/or contact the author of the plugin on its support page.

If this method did not fix the error, it means that the culprit is not a plugin. Often the cause is a low-quality theme (template). Try temporarily using one of the default WordPress themes, such as TwentyTwenty-One, and check the frontend to see if the error has disappeared.

What to do if you see a “white screen of death” instead of the administrative part?

If you see the “White Screen of Death” instead of the wp-admin page, it is obvious that you are not able to disable the plugins as in the above procedure. The following procedure may seem daunting to beginners, but in principle it is very simple.

But BE CAUTIOUS! Do not panic, but go slowly through the following steps. This is because you could delete an important file and “break” the entire site. If you are unsure, we strongly recommend that you backup the database and all WP files on the server before any intervention.

Disable plugins via FTP

To bypass the “White Screen of Death”, access the server via the FTP (file transfer protocol) client. I recommend using the popular FTP client FileZilla. This way you could access the wp-admin page and disable all plugins.

Deactivating plugins via phpMyAdmin

Plugins can also be disabled via phpMyAdmin.
1. In the wp_options table, in the option_name column, search for active_plugins (sort alphabetically to make it easier to find).
2. Change the option_value field to a:0:{}
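The option_value of active_plugins is a PHP-serialized array, and the empty array is written a:0:{} with no spaces. The following added example (not part of the original article) decodes the old value so it can be recorded before the reset, and rebuilds a value that re-enables plugins one at a time; the sample value and its example-… plugin paths are constructed.

```python
import re

# Constructed sample of wp_options.option_value for option_name = 'active_plugins'.
# Keys need not be consecutive.
SAMPLE = ('a:2:{i:0;s:31:"example-cache/example-cache.php";'
          'i:3;s:31:"example-forms/example-forms.php";}')
EMPTY = "a:0:{}"  # serialized empty array: no active plugins

_ELEMENT = re.compile(rb'i:\d+;s:(\d+):"')

def parse_active_plugins(option_value):
    """Return the plugin paths stored in a serialized active_plugins value.

    Only the shape used for this option is accepted (integer keys, string
    values); anything else, including stray spaces, raises ValueError.
    """
    data = option_value.encode("utf-8")  # PHP string lengths count bytes
    head = re.match(rb"a:(\d+):\{", data)
    if not head:
        raise ValueError("not a serialized PHP array")
    pos, plugins = head.end(), []
    for _ in range(int(head.group(1))):
        elem = _ELEMENT.match(data, pos)
        if not elem:
            raise ValueError(f"unexpected element at byte {pos}")
        end = elem.end() + int(elem.group(1))
        if data[end:end + 2] != b'";':
            raise ValueError(f"declared length is wrong at byte {elem.end()}")
        plugins.append(data[elem.end():end].decode("utf-8"))
        pos = end + 2
    if data[pos:] != b"}":
        raise ValueError("element count does not match the array contents")
    return plugins

def serialize_active_plugins(plugins):
    """Build the option_value that enables exactly the given plugins."""
    body = "".join(
        f'i:{i};s:{len(p.encode("utf-8"))}:"{p}";' for i, p in enumerate(plugins)
    )
    return "a:%d:{%s}" % (len(plugins), body)

if __name__ == "__main__":
    saved = parse_active_plugins(SAMPLE)  # record this before editing the row
    print("active before reset:", saved)
    print("value to set:", EMPTY, "->", parse_active_plugins(EMPTY))
    print("restore first plugin only:", serialize_active_plugins(saved[:1]))
```

A value with spaces in it, such as "a: 0: {}", is rejected by the parser, which is why the field has to be typed exactly.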

More Tips and Tricks

1. Read the documentation, change log and support forums;
2. Re-save options and use correct shortcode;
3. Clear your site cache and browser cache;
4. Troubleshoot style issues after upgrading WordPress theme or plugin;
5. If your WordPress breaks (doesn’t load) after upgrading, please perform WordPress troubleshooting.

Conclusion

Plugins are great. But… There’s always a but. Namely, plugins should be used wisely. Do not install plugins for everything that comes to mind. If you have tried the plugin and its features do not meet your needs, you should remove (DELETE) the plugin from your website. Inactive plugins can be a potential security risk.

Remember that every plugin adds lines of code to your website. Some plugins are masterfully coded, others are coded by inexperienced developers. Keep that in mind. Some plugin authors welcome your comments and bug reports on their support page/forum and work hard to fix and/or improve their plugin.

Check if the plugin is compatible with the latest version of WordPress, read reviews, support forum questions, user comments, etc.

If a plugin is causing problems on your site, delete it and find another solution. There are always alternatives.

Think about what you want (and what you really need) on your website. Accordingly, choose carefully and wisely what you will install. More does not equal better. Sometimes the opposite is true.

———

Article by Ivica Delic
founder of FreelancersTools,
exclusively for Virusdie.
