“The Plugin ‘XXXXXX’ has been removed from wordpress.org but is still installed on your site.”

Do you see this message when running your security scan on your WordPress site? (You are running a security scan, right?)

I’ve written before about the importance of deleting abandoned WordPress plugins from your website. Whether they’ve been completely removed from WordPress.org or just haven’t been updated in quite some time, outdated plugins can create critical vulnerabilities that should be quickly addressed. We recently helped a client tackle this issue with five abandoned plugins, and the fixes were quite simple.

The functionality of one plugin, for example, is now being provided by Wordfence, the plugin we use for security and malware scans. That one was easy enough to deactivate and delete. A second plugin was abandoned simply because its functionality had been made redundant by a recent WordPress update. We copied its settings into WordPress and removed the plugin.

A third example involved a little more work. Our client was using a plugin to display raw text on the site via shortcodes. Having set this functionality up on numerous other sites, we were ready to recommend an actively maintained alternative. We did have to alter the short code tags on the pages that called them, but the new plugin was otherwise fully compatible.

If your security scans are warning of plugins that aren’t being maintained by their developers, please feel free to contact us for assistance. (We can help with that security, scan, too!) We likely already have alternatives to recommend, and, if not, we can find ones that will integrate with your site with minimal fuss.