I have been thinking about WordPress plugins that are older, or haven’t been updated in a while. You know, the ones in the repository that have the “! This plugin hasn’t been updated in over 2 years. Blah … Blah … Blah.”
I see many blog posts warning users about these plugins all the time. Some even claim that you need to deactivate and remove them immediately or else! One even wanted the WordPress developers to add a check and warning in your dashboard if you happen to be using one that hasn’t been updated in 2+ years.
That’s a nice thought, but just because one happens to be older and not updated in a while doesn’t mean that your website is more vulnerable to some form of exploit or hack.
Think about it. A recently updated plugin could easily be just as vulnerable. Just because it was updated doesn’t mean that there isn’t a flaw. Many plugin developers push out updates that have absolutely nothing to do with security enhancements or fixes. A lot of times they are just subtle design/style changes, a new feature, or something fairly basic and simple. Some do this just to prevent the 2-year warning from appearing on the plugin/download page.
Now I am not saying that a plugin that hasn’t been updated in 2+ years is perfectly safe either. It all depends on what it actually does, and how well it was written.
Some WordPress plugins are fairly simple and use basic standard functions that you would commonly expect.
More often than not, the reason developers stop updating a plugin is that they no longer have the time, they lost interest, or they made little or nothing for their hard work. I mean, would you really spend hours on end developing, programming, and testing a plugin if you only made a few dollars per year from it? I know I wouldn’t. I would eventually give up and discontinue working on it too. I enjoy programming, but I can’t donate all my spare time so everyone else can use it for free. I suspect that’s what happens to a lot of the plugins in the WordPress repository where you see that 2-year warning message.
Many people who use WordPress are not coders, developers, or programmers, though, so they have little or no understanding of what the actual code involved does, or whether it might pose a potential threat to the overall security of their website.
It’s just that when I read a blog post telling people they need to remove a plugin ASAP because they see the “… hasn’t been updated in over 2 years” thing at the top of the page, and then I see them recommending another plugin that happens to be brand new, I scratch my head and go … huh! What makes this one so safe and secure?
If you can find a suitable replacement that happens to be actively developed and updated, then by all means go for it. That’s up to you and your business.