If a plugin that is important to the look and feel of your WordPress website is abandoned, it is best to start looking for an alternative.
Recently in the news, several popular abandoned plugins were purchased and used to disseminate malware. It is not recommended to keep using a plugin that has been marked abandoned at WordPress.og. So what should you do?
One, search for alternatives using the plugin name. In many cases others just like you have had a similar problem and have created, found, or written about good alternative plugins. Do some research and see if you can find a good replacement option.
Two, be sure is has been abandoned by visiting WordPress.org. Look to see if there are comments that point you to alternatives.
Four, leave the abandoned plugin installed and take your chances that nothing will happen and your site will not be hacked. Just be aware that as WordPress updates, the plugin may stop working entirely.
I like WordPress for blogs, but not for websites. Here’s one example of why I am not recommending WordPress for business websites.
Client A did a new website two years ago and moved to WordPress from PHP. They thought that they would be updating their content and so wanted an application that allowed staff to go in and make updates at will.
What happened in reality is that they never added their own content, they paid me to do updates. They had to buy a WordFence premium license to protect their WordPress website from hacking and then pay a webmaster to monitor files and plugins for updates as well as do monthly maintenance.
Now, one of the plugins that is integral to the look and feel of their theme, has been abandoned at WordPress.com. Deactivating the plugin makes the inside pages look bad. There does not seem to be an easy fix replacement for the plugin. It maybe that the best solution is to replace the WordPress theme in the next year due to the loss of this important plugin.
Client B has a PHP-based responsive website that is not WordPress. They have used their website since 2015. It still rates over 90/100 on the Google Page Speed tool in mobile and desktop. This client simply wants a new look and so is looking for a similar PHP responsive site design.
I personally feel that WordPress has a place, but is not my preferred application for website design. Too many clients want to keep their new website three to five years or longer. If you have a WordPress website and a plugin is abandoned what would you do if one is not readily available as an alternative? You’d have to simply start over and buy new.
Just today WordFence notified me that the Feedburner WordPress plugin had been removed from WordPress.org. What does that exactly mean for you?
When a plugin is removed from WordPress.org it means either the plugin has been compromised, it does not work with current WordPress versions, or that it has been abandoned. Plugins cannot work with current versions of WordPress if the plugin author is not doing regular updates.
WordPress.org polices their plugin archive and if a plugin may cause problems with new versions of WordPress they tag it. WordFence, which we use for security management of WordPress applications, scans the WordPress.org archive and advises us if plugins in use in a client WordPress installation are up to date.
There have been several instances lately where plugins dropped from WordPress.org had been used by bad actors on the web to send out malware and to spamvertise a website.
Site reputation – that’s what hackers want to steal from you for their own personal gain. Don’t think that you need to just be using WordPress to become a victim. I’ve seen regular HTML website fall prey to hack attacks too.
It typically all starts with your user name and password being stolen. Hackers create a phishing page that looks legit that they hope you will click and then enter in your user name and password into. The best defense is to never click links in an email and if you do click a link, never share login information no matter how valid a site or form looks.
Instead, go to your login address using your browser and access your account without clicking a link. You will typically find that there is not a problem with your account or access. But the email you had received had some dire notice that you were going to lose access or your account would be closed. Be suspicious of everything.
Troy Hunt has it right in his article on how and why hackers want to get into your site and steal your credentials. His article is worth the read to allow you to make sure to stay safe. You will be amazed at the extent hackers will use, to mask their presence in an effort to steal your credentials and then your website reputation.
Once you use AMP on WordPress, and if you want to use AMP pages on your regular HTML site, you’ll need to do a little research. There are lots of sites and information from Google on how to set up and how to validate your new AMP pages.
This is what I have learned in the process of working on my own website pages.
The original and new AMP page need to be pointed to each other. The AMP page points to the original page using a canonical reference telling Google that the non-AMP page is the original. The non-AMP page then points to the AMP page so that Google can discover it using a special meta tag amp reference.
There are specialized AMP image references and specialized CSS references. Additionally, Google will require that the viewport be set in the page head section to validate the page.
It is not complicated to set up these static AMP pages, but it is complicated to get them to validate. That being said, the future for Google is all about AMP and mobile. With a little effort you can make your blog and website more attractive for Google to index (and cache) in this new “Mobile First” world.