DESIGN. BUILD.CARE.

MerlinFX Help

Our managed services and care plans streamline WordPress website management, including hosting, updates, and maintenance, 24/7 monitoring so businesses can focus on core activities and have a smooth, secure website.

Can I install my own plug-ins?

This has to be a resounding no. We purchase only premium plugins. Plugins that are paid have an upgrade cycle. They need to be updated regularly and have great user feedback. They also need to play nice with other plugins. Much research goes into combining the selection of plugins we use to ensure your site runs efficiently and securely. 

Adding a Plugin
We are always happy to review; if something needs to be added, we ensure it’s appropriately vetted.

  • What’s the reputation of the plugin developer who created a plugin?
  • What’s support like?
  • Does it always have vulnerabilities?
  • How old is the plugin?
  • How often is it updated?
  • What’s its rating out of 5 stars?
  • What kind of community does it have around it?
  • Is it clunky and slows the site down?
  • Are there known conflicts with other plugins, server configurations etc.?

All these are incredibly important when it comes to the integrity of a website.

A poorly coded plugin and not updated regularly is a surefire way of exposing your website to hackers. And they hit anyone from big business, small business or NFPs. They do not care. 

Security Breaches

If you have ever been part of a security breach, it’s no fun. The most challenging part is once they are on your site – what they install next can affect all our other sites on that server. The headache of such a breach requires you, by law, to contact every customer who has ever completed any web form (contact us or lead magnet) to advise you have had a breach and what information they took. That is an embarrassing position to be in. You have to only deal with one breach – we have to deal with more.

TIP: That’s why our new web forms have the option to delete entries after a certain period and/or why we recommend that your records be deleted regularly – depending on your form volume. We are risk-averse. 

Privacy Laws

Privacy laws changed a few years ago, and it’s more important now to be vigilant. Notwithstanding that hacking attempts happen all the time, they are getting more sophisticated.

This is why we invest so much time and money into security systems.

Hacking hassle

Then you have to contact the OAIC and explain the same. How it was dealt with, and what was put in place to ensure as best as possible, it doesn’t happen again. It’s a headache and risk I am not prepared to take for you or any other client wanting Admin access.

I hope that explains our security position.

Suppose a particular plugin meets the above criteria and is necessary. In that case, that plugin must be purchased separately by you, which is usually payable as one-year subscriptions in USD. That’s how most plugin operators work. To ensure the website’s integrity, this plugin subscription must be kept up to date with its subscription payments. Expired subscriptions mean plugins do not get updated and are usually why a site gets hacked due to out-of-date plugins. Therefore any breaches caused by the plugin, the cost of repairing the website will be assigned to you. If the plugin remains outdated for over a month, we will deactivate and remove it from the website.

Updated on June 9, 2023
Updated on June 9, 2023
Scroll to Top