Do you see an interesting plugin and install it willy-nilly, hoping it doesn’t break your site? How scary! If yes, why? Because you like being exploited by malware, enjoy testing the accuracy of your backup restorations or because you don’t know a better way? Let’s try this…

Create a WordPress site just for testing plugins and themes for old, outdated, deprecated code

1. Create a new WordPress site, completely separate from all your other WordPress installations (not a MultiSite sub-site).
   1. Do not install WordPress in a sub-directory (like domain.com/wp/). If you do, the page code I linked to below will need editing.
   2. I recommend installing on your local computer, but you might want to install on a public web server. If you do, turn off Search Engine Visibility in WordPress – Settings – Privacy.
2. Give your site a descriptive name. Call your website “Deprecation Checker” or something like that – so you know what it is. If using DesktopServer on your local computer, I’d recommend depchecker.dev or another descriptive name.
3. Create a new page titled “How to use this site”, click to the HTML tab, and paste this content: http://pastebin.com/qDK83Juc
4. Make your new page the WordPress site’s homepage, in WordPress – Settings – Reading.
5. Install and activate these plugins (listed in alphabetical order):
   1. Deprecation Checker (view all deprecated functions and the recommended new function to use)
   2. Install via URL (copy the .zip download URL and paste to install – quick, easy, and helps make sure you don’t “find” the wrong plugin in the WP Dashboard search)
   3. Plugin-Check (test plugins against the latest plugin review standards)
   4. Theme-Check (test themes against the latest theme review standards)
   5. Theme Authenticity Checker (TAC) (scan themes for potentially malicious or unwanted code)
   6. Optional: WPMU DEV Dashboard and other installer/updater plugins that you may want active so you can test new plugins and themes
6. Follow the instructions on your new Deprecation Checker website’s homepage.
   1. Install (do not Activate) the theme(s) and plugin(s) you want to check.
   2. Run the scanners.
   3. Depending on the results, choose whether or not to try it in your “real” WordPress site.

Tips and Ideas

Tip: The scanners only test for the presence of outdated, old, deprecated functions. TAC also checks for included malware. These tests help, but they’re not magic. There are additional errors that could be present upon activation or conflicts that may arise when installing to your other site(s).

Tip: For the sake of your web server, you should probably only run one of the tests at a time. It’s resource-intensive to check through every line of your plugins’ and themes’ code. Also, results may appear on your screen, but wait for the browser’s page loading indicator to stop running before scrolling through the results or taking any action.

Tip: Having plugins and themes without deprecated functions is very important for security and functionality, but make sure to keep your WordPress core updated as well. The plugins check against the current WP version so when a new version comes out, the scanners don’t need updating and may be checking against a version newer than your site’s.

Tip: If you’re creating your own plugin, modifying a theme’s files, or looking to include new code in your functions.php, run these checks periodically and prior to publishing.

Tip: I suggested not activating any of the extensions (plugins and themes) to be tested. But if you want to Activate and click around, that’s your choice. If you do, you might also want to enable WP DEBUG and do some additional testing.

Idea: You could use this site as your collection of ALL plugins and themes you use or might eventually use. That way, you can install all plugin and theme updates, run the scanners again, and then click to update on your “real” sites. Plus, it’s like a bookmark list of the plugins and themes that you can refer to when you can’t remember your favorite niche plugin’s name.

Final Thoughts

Maybe all this sounds like too much trouble. If you’ve ever had an infected or broken site, you probably won’t think so because you went through the time and stress of trying to undo the badness. The bottom line is that having a dedicated site to test plugins is the first, not only, step in trying to keep your WordPress sites clean and visitor-friendly. Quick tips for success: Login to WordPress securely, don’t use bad plugins and themes, and keep WordPress core up-to-date.