Is Code Snippets safe to install?

Here's the live Plugin Risk Score for Code Snippets by Code Snippets Pro, scored across five factors pulled from the WordPress.org Plugin API.

As of June 2026, Code Snippets scores 73% — Moderate Risk — on Plugin Risk Score, based on five live signals from the WordPress.org Plugin API. Its weakest area is WordPress compatibility (significantly behind current WordPress).

code-snippets

Code Snippets

by Code Snippets Pro

73%
Moderate Risk
Last Updated
Recently maintained
Apr 2026
Tested Up To
Significantly behind current WordPress
6.9.4
Downloads
Widely used and battle-tested
1M+
User Rating
Well rated by users
4.7/5 (501 ratings)
Support Resolution
Poor support track record
17% resolved
View on WordPress.org → Check another plugin →

Code Snippets: frequently asked questions

Is Code Snippets safe to install?

Code Snippets scores 73% on Plugin Risk Score, rated Moderate Risk. The score combines five live signals from WordPress.org: update recency, WordPress compatibility, active installs, user ratings, and support responsiveness.

Is Code Snippets still actively maintained?

Code Snippets was last updated Apr 2026. Recently maintained.

Is Code Snippets compatible with the current version of WordPress?

Code Snippets is tested up to WordPress 6.9.4. Significantly behind current WordPress.

How widely used is Code Snippets?

Code Snippets reports 1M+ downloads. Widely used and battle-tested.

How we score plugins

Every check pulls live data from the WordPress.org Plugin API. Each of the five factors below is graded green, amber, or red — worth 3, 2, or 1 points. We total them, divide by the maximum, and turn it into a percentage. 75%+ is Low Risk, 50–74% is Moderate, anything below 50% is High Risk.

Last Updated

How long it's been since the developer last shipped a release to WordPress.org.

Plugins that go quiet for a year or more typically aren't getting security patches. Three years without an update is effectively abandoned.

  • Under 6 months
  • 6–14 months
  • Over 14 months (3+ years counts double)

WordPress Compatibility

How recent a version of WordPress the developer has explicitly tested the plugin against.

WordPress ships major releases roughly every four months. A plugin that hasn't been tested against the current branch may break, conflict with core changes, or quietly fail on newer PHP versions.

  • Within 1 version of current
  • 2–3 versions behind
  • 4 or more versions behind

Active Installs

How many live WordPress sites are running this plugin right now.

A large install base means real-world testing across thousands of stacks, and a higher chance someone has already reported any nasty edge case. Tiny plugins can be brilliant, but they get less scrutiny.

  • 10,000+ active installs
  • 1,000–9,999
  • Under 1,000

User Rating

The average WordPress.org user rating, weighted by how many ratings the plugin has received.

Ratings expose what the changelog won't — frequent breakage, dark patterns, support that ghosts you. A handful of five-star reviews from a brand-new plugin isn't meaningful, so we flag low sample sizes amber regardless of the score.

  • 4.0+ stars with 10+ ratings
  • 3.0–3.9 stars, or fewer than 10 ratings
  • Below 3.0 stars

Support Resolution

The percentage of support threads in the plugin's WordPress.org forum that the developer has marked resolved.

It's the cleanest available signal that someone is actually behind the wheel. A plugin with a healthy install base but a dead support forum is a plugin you'll be debugging alone.

  • 80% or more resolved
  • 50–79% resolved
  • Under 50% resolved

One nuance worth flagging: the Last Updated check counts double when a plugin is more than three years old. Abandonment is the single strongest risk signal, so we weight it accordingly rather than letting a healthy install base mask a long-dead codebase.

What to do with your result

A score is only useful if it leads to a decision. Here's how we'd act on each verdict, based on a decade of cleaning up WordPress sites that didn't.

Low Risk

You're probably fine. A few habits to keep it that way.

  • Set a reminder to re-check the score every six months. Healthy plugins drift; today's green can be tomorrow's amber.
  • Subscribe to the developer's changelog or follow them on the WordPress.org profile so you hear about major rewrites before they land on your live site.
  • Whatever you install, install on staging first. Even a perfectly maintained plugin can collide with your specific stack.
Moderate Risk

Worth a closer look before — or instead of — installing.

  • Open the support forum and read the most recent ten threads. Are users being answered, or talking to themselves? Tone tells you a lot in two minutes.
  • Check the changelog. A long quiet period followed by a single small commit is often a developer doing the bare minimum to look maintained.
  • Search for alternatives. If two plugins solve the same problem and one is Low Risk, that's usually the call — even if the Moderate one has a feature you like.
  • If you already run it, make sure you have a recent off-site backup and that you'd notice if the plugin broke something quietly (analytics, forms, payments).
High Risk

Treat this as a real exposure and plan a way out.

  • Audit where the plugin runs on your site and what it touches — admin pages, the database, payment flows, user data. The blast radius determines how urgently you act.
  • Look for an actively-maintained alternative or a fork. For popular abandoned plugins, the community usually publishes a replacement; check WordPress.org and GitHub before assuming there isn't one.
  • If there's no replacement and you can't remove it yet, lock down what you can — restrict admin access, disable any unused features, and put it behind a Web Application Firewall if you have one.
  • Set a deadline on your calendar to remove or replace it. Abandoned plugins don't get safer with time.

Check another popular plugin

Risk scores for some of the most-installed plugins on WordPress.org.

woocommerce elementor contact-form-7 akismet jetpack wordpress-seo wordfence wp-super-cache w3-total-cache all-in-one-seo-pack wpforms-lite classic-editor

Further reading

All guides →

Guides on vetting WordPress plugins and dealing with risky ones.

How to read WordPress plugin reviews and spot misleading ratings

A high star average on a WordPress plugin means less than you think. Here's how to read reviews properly and spot the patterns that mislead most site owners.

How many active installs make a WordPress plugin safe enough?

Active installs signal how battle-tested a plugin is — but the number is widely misread. Here's what the thresholds actually mean, and when they matter most.

What "tested up to" really means for WordPress plugin compatibility

The "tested up to" badge on every WordPress plugin page is widely misread. Here's what it actually tells you — and what to do when it lags behind.