24 Oct Does WordPress have a plugin problem?
One in every six websites online today is built using WordPress. With its open source code base and large community of developers, it’s no surprise that it has grown so huge since its initial launch in 2003. WordPress’ easily adaptable and extendable code, along with the large number of tutorials and documentation online, makes it a dream for plugin developers to add new functionality. At the time of writing this article the WordPress plugin directory hosts 34,050 plugins, but out of that number around 30%, possibly more, haven’t been updated in over two years.
In 2011 WPMU.org published a blog post detailing the compatibility of every plugin in the WordPress directory with version 3+ of WordPress (the then-current version) and found that only 51% of plugins were compatible. Since WPMU’s findings, WordPress has changed the plugin repository to filter out plugins that haven’t been updated, but the dead plugins still remain.
The issue that remains is that, although old plugins are hidden, plugins last updated in 2012 or 2013 are still listed. These plugins have the potential to become more outdated and could already contain serious security flaws, yet they still show up in searches and are readily downloaded. For example, one plugin I found had been downloaded 100 times in the last week in spite of not having been updated in over a year.
Outdated plugins carry not only a compatibility risk (there have been six core WordPress updates since 2012) but also a potential security risk associated with older versions of jQuery in plugins and partially deprecated WordPress functions.
Plugins that no longer exist
I built my first ever WordPress site just for fun way back in 2011. One of the features of the site was a ‘star rating’ review system, and I used a plugin called GD Star Rating to add the rating system. This plugin is no longer available and has compatibility issues with newer versions of WordPress. As such, if I were to go back and update the site I would find that my rating system no longer worked. WordPress doesn’t inform users when a plugin is withdrawn from the repository. In the case of GD Star Rating, the plugin was retired by the developers who are working on a new package of plugins. However, if the plugin had been withdrawn due to a serious security vulnerability, I would have no way of knowing my site could be at risk.
Drupal has encouraged other developers to take over support and help maintain modules that are at risk of becoming or have already become outdated. While WordPress does allow plugin adoption, it is a rather large grey area, with developers unsure who to contact. As WordPress continues to grow and more plugins are built, the repository only gets larger, and with no plans to begin force-removing plugins over a certain age, or at least archiving them, the issue continues to grow. Hopefully one day soon WordPress will realise something needs to be done. Until then, when it comes to plugins that are removed from the repository, WhiteFirDesign offer a plugin called No Longer in Directory that will let you know if any plugin on your site has been removed by WordPress.
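The kind of check described above can be sketched in a few lines. This is an added example, not the No Longer in Directory plugin's code and not from the original post: it flags installed plugins that are missing from a directory snapshot or have not been updated in over two years. The `audit` function, the slugs, the dates and the last-updated string format are assumptions made for illustration.

```python
from datetime import datetime

TWO_YEARS_DAYS = 730  # the article's "not updated in over two years" threshold

def parse_last_updated(value):
    """Parse a 'YYYY-MM-DD h:mmam GMT' string (assumed snapshot format)."""
    return datetime.strptime(value, "%Y-%m-%d %I:%M%p GMT")

def version_key(version):
    """Turn '1.10.0' into (1, 10) so 1.10 sorts after 1.9 and 1.2 == 1.2.0."""
    parts = [int(p) if p.isdigit() else 0 for p in version.split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def audit(installed, directory, today):
    """Return {slug: status}; the most serious applicable status wins."""
    report = {}
    for slug, have in installed.items():
        entry = directory.get(slug)
        if entry is None:
            # Gone from the directory (retired or withdrawn). The site
            # owner is not notified, so this is the top-priority flag.
            report[slug] = "removed"
        elif (today - parse_last_updated(entry["last_updated"])).days > TWO_YEARS_DAYS:
            report[slug] = "stale"
        elif version_key(have) < version_key(entry["version"]):
            report[slug] = "update-available"
        else:
            report[slug] = "ok"
    return report

# Constructed sample data: hypothetical slugs, versions and dates.
INSTALLED = {
    "example-star-rating": "1.9.22",
    "example-gallery": "2.3",
    "example-seo": "1.9",
    "example-forms": "4.0.1",
}
DIRECTORY = {
    "example-gallery": {"version": "2.3", "last_updated": "2012-03-05 7:41pm GMT"},
    "example-seo": {"version": "1.10", "last_updated": "2014-09-30 10:02am GMT"},
    "example-forms": {"version": "4.0.1", "last_updated": "2014-08-12 1:15pm GMT"},
}
TODAY = datetime(2014, 10, 24)  # constructed audit date

if __name__ == "__main__":
    for slug, status in sorted(audit(INSTALLED, DIRECTORY, TODAY).items()):
        print(f"{slug:22} {status}")
```

A plugin flagged `removed` deserves attention first, since a withdrawal for security reasons looks the same from the site owner's side as a simple retirement.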