Plugin that keeps deactivated plugins secure from hackers?

  • Security pros say to uninstall plugins you’re not using because even if they are not active, they can be exploited by hackers / malware.

    I have deactivated many plugins to improve performance (speed), but I’m reluctant to uninstall them, because (1) their databases / database tables / entries would be lost, (2) I might want to use them again and I don’t want to search thru and compare a bunch of different plugins again in the future.

    I tried to find a plugin that keeps deactivated plugins safe from hackers (like a virtual firewall?). I found a plugin called Plugin Organizer, but it’s description* sounds unrelated to this.
    * (1. Change the order that your plugins are loaded.
    2. Selectively disable plugins by any post type or wordpress-managed URL.
    3. Add groupings to the plugin admin age.)

    If I go thru FTP and create a new folder and move all deactivated plugins into it and then zip it (tar-gzip), will that keep them safe?

    They would, unfortunately, I think, no longer appear in the wordpress plugin manager (right?), so I would need to open FTP to try to remember what plugins I had deactivated. Also, if I did reactivate them I would need to immediately manually update it in case older versions have become vulnerable to malware/hackers..

    I can keep a database or spreadsheet with the names of the plugins and why I installed it and why I deactivated it.

    If I delete the folder through FTP but don’t uninstall it, will the databases/tables/records remain available if I later re-download the plugin?

Viewing 3 replies - 1 through 3 (of 3 total)

  • Yes, if you delete the plugins via FTP, their data remains in the database. Files that you store are also retained. However, only as long as you do not run database optimisation, as this would detect and remove such remnants (for the most part).

    Alternatively, there is the option of using a firewall on the server side that filters all access and blocks potential attacks on files from any plugins (not just the active ones). You would have to contact your hosting support for this.

    Thread Starter Jonathon N

    (@imagiscapeca)

    Thanks for the warning that optimizing my database could cause some deleted plugins’ data to be lost.

    I’ll add to my original post:
    “Edit: My Bluehost hosting plan has a firewall around my site but does not allow firewalls between folders within my site.”
    … update: Too late to edit the original post.

    • This reply was modified 1 year, 1 month ago by Jonathon N.

    Just change the permissions mate.

    When changing permissions, a typical approach might be to set the directory permissions to 700 (accessible only by the file owner) and the file permissions to 600 (readable and writable only by the owner), or even more restrictive, depending on your hosting environment and security needs.

    Revert when updating the plugin(s) or require them re-activated for use/retrieval.

    Most plugins save data in the database, thus deleting the plugin and reinstalling when needed, won’t incur data loss.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Plugin that keeps deactivated plugins secure from hackers?’ is closed to new replies.