Would you feel comfortable using a piece of software that was created nine years ago and was last updated six years ago? Probably not. However, at least two million people don’t see any problem with that. They are using the free Limit Login Attempts plugin, created in January 2009 and last updated in June 2012. Although it’s a drastic example, it’s certainly not the only one. Unmaintained, outdated and, simply put, old plugins are swamping the official WordPress plugin repository. Barely 30% of over 55,000 plugins have been updated in the last twelve months.
How many plugins got updated in the last month or year? Unfortunately, not many.
As the chart below clearly shows, 27% of plugins on the repo have not been updated in 5+ years! That’s a long time by any standard. As the number of plugins increases, these gloomy stats will only get worse. Maintaining a plugin is not cheap, and many developers realise that only after they put it in the repo. There are many reasons why those plugins are still in the repository and why they won’t be removed any time soon. The bottom line is that you are responsible for what you install on your site, and you should pick plugins carefully.
The problem of free
Historically speaking, WordPress plugins are considered free and the vast majority of users find them in the official repo. For some reason, this way of thinking has led to the problem we are all facing – a lot of plugins on the repo are old and untested with the latest version of WordPress. In theory that’s not a problem; in practice it is, and it’s a big one.
WordPress is rapidly evolving and major releases come out a few times a year. Plugins that are not tested with new releases are bound to have bugs and incompatibilities with the latest versions. Those can vary from minor GUI glitches to serious problems that prevent the plugin from being activated or, even worse, ones that produce a white screen of death. Unmaintained plugins often cause security issues. And although the staff at WP.org does remove plugins once a security issue is discovered, that’s really not how things should be done. It’s far from a proactive measure and it only prevents new people from installing the problematic plugin.
How to protect yourself? Invest more time in choosing the right plugins!
There are times in life when you don’t have a choice. Only one company delivers cable to your house? Well, if you want Internet access, they are your only option. But when it comes to WordPress plugins, those situations are very rare. Most plugins have numerous alternatives. Some free, some paid. Some with more, some with fewer active installations. But there are alternatives! And in our opinion, most alternatives are better than using plugins that haven’t been updated in years!
So, how to go beyond the “last update” date and ensure the plugin is maintained and safe? Open the support forum and see what the activity looks like. If the plugin has numerous downloads and active installations but there are no fresh support topics, there’s a good chance nobody has any problems with it. If it were causing severe problems, people would be vocal about it, trust us. On the other hand, if the forum is flooded with topics and they are not answered in a timely manner (or at all), then you have a typical old, unmaintained plugin in front of you. Users are having problems and there’s nobody to address them. Do not use that plugin. Find an alternative. If the forum is very much alive and topics are regularly answered – read through them. In most cases, it means the author is active and does provide support.
No plugin repository, and that includes Tidy Repo, is immune to old plugins. That’s why we clearly mark plugins that haven’t been updated in 6+ months. It’s not a problem by default, but it certainly begs for a deeper look at the plugin and the possibility of finding better, more frequently maintained alternatives.
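The two checks described above (time since the last update, then support-forum activity), combined into one audit as an added example that is not part of the original article. It assumes plugin records shaped like the wordpress.org plugin-information API response (`last_updated`, `support_threads`, `support_threads_resolved`); the sample records are constructed, and both the 50% cutoff and the use of resolved threads as a proxy for answered ones are assumptions.

```python
from datetime import datetime, timezone

STALE_MONTHS = 6           # the article's threshold for a closer look
MIN_RESOLVED_RATIO = 0.5   # assumption: below this, the forum counts as unanswered

# Constructed records; keys mirror the wordpress.org plugin-information JSON.
SAMPLE_PLUGINS = [
    {"slug": "example-login-limiter", "last_updated": "2012-06-02 9:15pm GMT",
     "support_threads": 14, "support_threads_resolved": 1},
    {"slug": "example-sitemap", "last_updated": "2015-07-20 11:02am GMT",
     "support_threads": 0, "support_threads_resolved": 0},
    {"slug": "example-forms", "last_updated": "2018-05-11 8:40am GMT",
     "support_threads": 30, "support_threads_resolved": 27},
]

def months_since(last_updated, now):
    """Whole months between a '2012-06-02 9:15pm GMT' style stamp and now."""
    then = datetime.strptime(last_updated, "%Y-%m-%d %I:%M%p GMT")
    then = then.replace(tzinfo=timezone.utc)
    months = (now.year - then.year) * 12 + (now.month - then.month)
    return months - 1 if now.day < then.day else months

def assess(plugin, now):
    """Return (verdict, reason): forum check first, then update age."""
    age = months_since(plugin["last_updated"], now)
    threads = plugin.get("support_threads", 0)
    resolved = plugin.get("support_threads_resolved", 0)
    # Users report problems and most reports go unresolved: do not use.
    if threads > 0 and resolved / threads < MIN_RESOLVED_RATIO:
        return "avoid", f"{threads - resolved} of {threads} support threads unresolved"
    # Old but quiet or answered: not a problem by default, look deeper.
    if age > STALE_MONTHS:
        return "review", f"no update in {age} months; forum quiet or answered"
    return "maintained", f"updated {age} months ago; support is answered"

def audit(plugins, now=None):
    """Map each plugin slug to its (verdict, reason)."""
    now = now or datetime.now(timezone.utc)
    return {p["slug"]: assess(p, now) for p in plugins}

if __name__ == "__main__":
    for slug, (verdict, reason) in audit(SAMPLE_PLUGINS).items():
        print(f"{slug:24} {verdict:10} {reason}")
```

A "review" verdict is a prompt to read the forum topics and compare alternatives, not a removal decision on its own.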
Top 10 Unmaintained Plugins with 200,000+ Active Installations
| Plugin Name | Active Installations | Last Updated |
|---|---|---|
| Limit Login Attempts | 2+ million | June 2012 |
| PS Auto Sitemap | 200,000+ | July 2015 |
| Cookie Law Info | 200,000+ | August 2015 |
| Table of Contents Plus | 200,000+ | January 2016 |
| Quick Page/Post Redirect Plugin | 200,000+ | April 2016 |
| Force Regenerate Thumbnails | 600,000+ | September 2016 |
| Login LockDown | 200,000+ | September 2016 |
| Simple Page Ordering | 200,000+ | November 2016 |
| Simple 301 Redirects | 300,000+ | January 2017 |
| Simple Social Icons | 200,000+ | February 2017 |