Right at this moment, I would love to writing new posts for this blog. Instead, I am going through each of my WordPress themes and deleting the plugins that get re-installed EVERY TIME that you update the software – most specifically, the Hello Dolly plugin.
In case you have never bother to activate it, all Hello Dolly does is display a random lyric from the song Hello Dolly. Yes, that’s it. But it has traditionally been included with WordPress since earlyin the software’s development.
A lot of blog posts have been written about this over the last few years (Google delete Hello Dolly plugin and see what I mean). One post refereed to Hello Dolly as “some kind of zombie plugin that would rise from the dead every time I updated WordPress.”
While some people have learned to write plugins through studying the Hello Dolly plugin, more people seem to be frustrated with its continual ressurection. In this 2009 poll from Digging into WordPress, 78% of those who responded voted to remove Hello Dolly from WordPress. And yet it is still here.
Hello Dolly was written by Matt Mullenweg, one of the co-founders of WordPress, and that is probably the reason it remains bundled with the software. In fact, this post from Webnovate suggests that we should keep the plugin installed as a thank you to Matt Mullenweg for WordPress itself.
But there are actually some very good arguments for deleting it, along with any other unused plugins:
- Plugins use server resources. They also affect your pages’ load times.
- Plugins can interact and cause conflicts and unintended side effects.
- Plugins require constant updating, even if they are not active.
- Plugins can be huge security risks. Sometimes, the risk is from the plugins themselves, sometimes, it is from plugins being out of date. According to WPExplorer, “Out of date plugins are prime targets for those in search of security weaknesses and can also break when newer versions of WordPress and other plugins are released.”
I use security software to track login attempts on my blogs. Every time WordPress updates, there is a surge in bots trying to access sites, hoping to catch a new vulnerability or exploit a flaw brought about by the new software. Given the security risks that are out there, I don’t want any plugins installed that I am not actively using.
And that’s why I think it is time for Hello Dolly to finally stop being bundled with WordPress. It is too big of a security risk for the world we live in. I know the song says, “Dolly’ll never go away again.” But, hopefully, we are not taking that too literally. I’d rather spend my time doing something else….