You should remove inactive plugins?

  • What if it’s a reputable premium plugin I intend using soon enough?

    Here’s my situation. We are working on a site we may want to fully translate, at some point. In the meantime, WPML is installed and some pages are translated but none of the translations are currently published.

    However, Google Search Console is showing some weird errors about the secondary language directory, as in 404 not found. Maybe this is because some secondary language pages were briefly published, then un-published, and in the meantime they got indexed, but now G can’t find them anymore.

    So, I have thought to just disable WPML until we are ready to start translating, which will pretty much double our workload, hence the pause.

    This then raises the ‘issue’ that prompted this post. WordPress Site Health is now saying I should remove inactive plugins if I don’t intend using them as they are a target for hackers? So active plugins are safer than inactive ones, even if they are not maintained?

    I always thought all plugins were targets, inactive or not, if they are poorly maintained. I’d like to think WPML is maintained well enough. I also believe plugins will still be updated even if they are inactive.

    My suggestion/feedback is if WordPress could consider the wording used in Site Health to perhaps say something more along the lines of: “You should remove any plugins that have not been recently updated.” Or, when about to deactivate a plugin, perhaps a warning banner to say inactive plugins are bigger targets, you should think before deactivating.

    So basically, can I safely leave WPML inactive indefinitely, or are the hackers now on their way en masse?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator Yui

    (@fierevere)

    永子

    th decisions are still on you. If you’re planning to use it, there’s no reason to remove.

    however i have seen many cases sites been hacked due to old premium inactive themes, plugins also can allow hackers attacki, especially if they are not updated , thats executable code and sometimes can execute even withoutbeing activated

    yeah, if you are definitely going to be using WPML there’s no point of keeping it deactivated. It’s better to check with the WPML support why you’re getting errors otherwise you’re just delaying stuff.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘You should remove inactive plugins?’ is closed to new replies.