
Tidy Repo

The best & most reliable WordPress plugins

Old, Outdated & Unmaintained Plugins are Dangerous

Gordan Orlic

May 17, 2018 (modified on October 29, 2019)

Would you feel comfortable using a piece of software that was created nine years ago and was last updated six years ago? Probably not. However, there are at least two million people who don’t see any problem in that. They are using the free Limit Login Attempts plugin, created in January 2009 and updated for the last time in June 2012. Although it’s a drastic example, it’s certainly not the only one. Unmaintained, outdated and, simply put, old plugins are swamping the official WordPress plugin repository. Barely 30% of over 55,000 plugins have been updated in the last twelve months.

How many plugins got updated in the last month or year? Unfortunately, not many.

As clearly shown by the chart below, 27% of plugins on the repo have not been updated in 5+ years! That’s a long time by any standard. As the number of plugins increases, these gloomy stats will only get worse. Maintaining a plugin is not cheap, and many developers realise that only after they put it in the repo. There are many reasons why those plugins are still in the repository and why they won’t be removed any time soon. The bottom line is that you are responsible for what you install on your site, and you should pick plugins carefully.

Less than 7% of all plugins got an update in the last 30 days and 30% in the last year. Nearly 27% have not been updated in 5+ years.

The problem of free

Historically speaking, WordPress plugins are considered free and the vast majority of users find them in the official repo. For some reason, this way of thinking has led to the problem we are all facing: a lot of plugins on the repo are old and untested with the latest version of WordPress. In theory that’s not a problem; in practice it is, and it’s a big one.

WordPress is rapidly evolving and major releases come out a few times a year. Plugins that are not tested with new releases are bound to have bugs and incompatibilities with the latest versions. Those can vary from minor GUI glitches to serious problems that prevent the plugin from being activated or, even worse, ones that produce a white screen of death. Unmaintained plugins often cause security issues. And although the staff at WP.org does remove plugins once a security issue is discovered, that’s really not how things should be done. It’s far from a proactive measure and it only prevents new people from installing the problematic plugin.

How to protect yourself? Invest more time in choosing the right plugins!

There are times in life when you don’t have a choice. Only one company delivers cable to your house? Well, if you want Internet access, they are your only option. But when it comes to WordPress plugins, those situations are very rare. Most plugins have numerous alternatives. Some free, some paid. Some with more, some with fewer active installations. But there are alternatives! And in our opinion, most alternatives are better than using plugins that haven’t been updated in years!

So, how to go beyond the “last update” date and ensure the plugin is maintained and safe? Open the support forum and see what the activity looks like. If the plugin has numerous downloads and active installations but there are no fresh support topics, there’s a good chance nobody has any problems with it. If it were causing severe problems, people would be vocal about it, trust us. On the other hand, if the forum is flooded with topics and they are not answered in a timely manner (or at all), then you have a typical old, unmaintained plugin in front of you. Users are having problems and there’s nobody to address them. Do not use that plugin. Find an alternative. If the forum is very much alive and topics are regularly answered, read through them. In most cases, it means the author is active and does provide support.

No plugin repository, and that includes Tidy Repo, is immune to old plugins. That’s why we clearly mark plugins that haven’t been updated in 6+ months. It’s not a problem by default, but it certainly begs for a deeper look at the plugin and the possibility of finding better, more frequently maintained alternatives.
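The two checks described above, update age and support-forum responsiveness, combined into one triage pass. This is an added Python example, not code from Tidy Repo or WordPress.org; the records are constructed with hypothetical slugs, the field names are an assumption modelled on the WordPress.org plugin information API, and the thread thresholds are assumptions.

```python
from datetime import date

STALE_AFTER_DAYS = 183     # article: plugins not updated in 6+ months get marked
MIN_THREADS = 5            # assumption: fewer topics than this is too little signal
MIN_RESOLVED_RATIO = 0.5   # assumption: under half resolved counts as "not answered"

# Constructed records with hypothetical slugs; field names are an assumption
# modelled on the WordPress.org plugin information API.
SAMPLE = [
    {"slug": "example-old-quiet", "last_updated": "2012-06-02 10:00am GMT",
     "support_threads": 0, "support_threads_resolved": 0},
    {"slug": "example-old-noisy", "last_updated": "2016-09-10 4:30pm GMT",
     "support_threads": 12, "support_threads_resolved": 1},
    {"slug": "example-fresh-ignored", "last_updated": "2018-03-01 8:15am GMT",
     "support_threads": 10, "support_threads_resolved": 2},
    {"slug": "example-active", "last_updated": "2018-04-30 1:00pm GMT",
     "support_threads": 8, "support_threads_resolved": 7},
]


def triage(plugin, today):
    """Return (verdict, reasons): 'ok', 'review', 'replace' or 'check-data'."""
    last = date.fromisoformat(plugin["last_updated"].split()[0])
    age_days = (today - last).days
    if age_days < 0:  # bad clock or bad data: do not silently treat as fresh
        return "check-data", [f"last_updated {last} is in the future"]
    threads = plugin.get("support_threads", 0)
    resolved = plugin.get("support_threads_resolved", 0)
    reasons = []
    stale = age_days >= STALE_AFTER_DAYS
    if stale:
        reasons.append(f"no update for {age_days} days")
    # A busy forum with few answers: users have problems and nobody responds.
    unanswered = threads >= MIN_THREADS and resolved / threads < MIN_RESOLVED_RATIO
    if unanswered:
        reasons.append(f"{threads - resolved} of {threads} support topics unresolved")
    if stale and unanswered:
        return "replace", reasons   # old and unsupported: find an alternative
    if stale or unanswered:
        return "review", reasons    # one warning sign: take a deeper look
    return "ok", reasons


def audit(plugins, today):
    """Map each plugin slug to its triage verdict."""
    return {p["slug"]: triage(p, today)[0] for p in plugins}


if __name__ == "__main__":
    for plugin in SAMPLE:
        verdict, reasons = triage(plugin, date(2018, 5, 17))
        print(f'{plugin["slug"]:24} {verdict:8} {"; ".join(reasons)}')
```

A quiet forum on an old plugin still lands in "review" rather than "ok", matching the article's point that the update date alone calls for a deeper look.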

Top 10 Unmaintained Plugins with 200,000+ Active Installations

| Plugin Name | Active Installations | Last Updated |
|---|---|---|
| Limit Login Attempts | 2+ million | June 2012 |
| PS Auto Sitemap | 200,000+ | July 2015 |
| Cookie Law Info | 200,000+ | August 2015 |
| Table of Contents Plus | 200,000+ | January 2016 |
| Quick Page/Post Redirect Plugin | 200,000+ | April 2016 |
| Force Regenerate Thumbnails | 600,000+ | September 2016 |
| Login LockDown | 200,000+ | September 2016 |
| Simple Page Ordering | 200,000+ | November 2016 |
| Simple 301 Redirects | 300,000+ | January 2017 |
| Simple Social Icons | 200,000+ | February 2017 |