Sun. Oct 17th, 2021
DOn't get HAcked - WordPress Security

Don’t Make This Mistake With Your WordPress Security

People, please, please, please stop making this age-old mistake when it comes to your WordPress security options.


Recently I came across a newly posted page offering a WordPress security plugin for free (see below). The posting, dated December 11, 2016, listed this WordPress login plugin as “The ALL NEW iCha All-in-One Enterprise WordPress Login Plugin Redefining WordPress Login”.


Please note that this is a site (which I won’t name) offering what “WAS” a paid addon for free. Do not fall for this, IT IS A TRAP.


Aside from any legal issues for software piracy, you must do your own due diligence before ever downloading something like this…


Only a few moments of digging (really one Google search) turns up the paid addon page on CodeCanyon, offering this plugin for a reasonable $18.


So let’s take a quick look at this plugin, shall we:


Several concerns jump right out at me as to why you might wish to avoid this plugin at this point:

  1. No free version available on WordPress.org.
  2. I have been using and reviewing plugins for some time and have not heard of it.
  3. According to the CodeCanyon site, this plugin has not been updated since 2014.
  4. Only valid for WordPress up to version 3.8.
  5. All of its features are readily available in highly respected FREE security plugins.


While this may very well have been a legitimate plugin when it came out in 2013, a posting in 2016 that bills it as an “ALL NEW” WordPress security plugin does not sit well with me.


Please remember that many plugins are written in standard PHP, which means that almost anyone who knows what they are doing can download a copy and modify it.


If this is presently a valid login plugin for WordPress then I would suggest the author update it to match the WordPress security changes that have taken place over the last few years.


I personally would not spend any money on a plugin that has not been updated in more than 3 months. After all, if you’re paying for a plugin, you would hope the authors maintain it.


A plugin such as this could easily send duplicate copies of your login credentials to an offsite location.


In any case, if you download paid plugins from an unknown source, then consider yourself warned: use that plugin at your own risk, and don’t complain if your site gets hacked.


Always do some checking on plugins that concern your WordPress security. Whether you get plugins for free or spend a fortune, make sure you do some basic checking and get them from somewhere you can trust.
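Some of that basic checking can be scripted. The sketch below is an added example, not code from this post or from any plugin author: it reads the “Tested up to” line in an unpacked plugin’s readme.txt and lists PHP files that both touch login credentials and call a function that can send data off-site, or that contain eval/decoder calls. It assumes the plugin is unpacked in a local folder and that you pass the current WordPress version as major.minor.

```python
import re
import sys
from pathlib import Path

# Real WordPress/PHP calls that can send data off-site.
OUTBOUND = re.compile(r"\b(wp_remote_(?:post|get|request)|curl_exec|fsockopen|wp_mail|mail)\s*\(")
# Login form fields (log, pwd) and the hooks that see credentials.
CREDS = re.compile(r"\$_(?:POST|REQUEST)\s*\[\s*['\"](?:log|pwd)['\"]\s*\]"
                   r"|['\"](?:authenticate|wp_authenticate|wp_login)['\"]")
# Encodings commonly used to hide injected code in repackaged plugins.
HIDDEN = re.compile(r"\b(?:eval|base64_decode|gzinflate|str_rot13)\s*\(")
TESTED = re.compile(r"^\s*Tested up to:\s*(\d+(?:\.\d+)*)", re.I | re.M)

def version(text):
    return tuple(int(p) for p in text.split("."))

def scan_php(source):
    """Return findings for one PHP file's source text."""
    findings = []
    sends = sorted({m.group(1) for m in OUTBOUND.finditer(source)})
    if sends and CREDS.search(source):
        findings.append("handles login credentials and calls " + ", ".join(sends))
    if HIDDEN.search(source):
        findings.append("contains eval/decoder calls that can hide code")
    return findings

def stale(readme, current_wp):
    """True when readme.txt's 'Tested up to' is older than current_wp, or missing."""
    m = TESTED.search(readme)
    return m is None or version(m.group(1)) < version(current_wp)

def triage(plugin_dir, current_wp):
    """Map each file in an unpacked plugin to the reasons it needs manual review."""
    report = {}
    root = Path(plugin_dir)
    readme = root / "readme.txt"
    if not readme.is_file() or stale(readme.read_text(errors="replace"), current_wp):
        report["readme.txt"] = ["missing, or not tested against WordPress " + current_wp]
    for path in sorted(root.rglob("*.php")):
        found = scan_php(path.read_text(errors="replace"))
        if found:
            report[str(path.relative_to(root))] = found
    return report

if __name__ == "__main__":
    for name, reasons in triage(sys.argv[1], sys.argv[2]).items():
        print(name, "->", "; ".join(reasons))
```

These are pattern matches only: a flagged file needs a manual read, and an empty report does not prove a plugin from an unknown source is safe.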


Derek Wood

Derek is an Online Web Professional. He works with clients and customers in order to implement Web-Based solutions for businesses. These include websites, SEO, marketing, and company branding. His own company, Shadow Dragon Unlimited, has been providing these services to local businesses in his Western Massachusetts area and online since 2003.