There are thousands of plugins and themes available at wordpress.org and many other third parties. There is every possibility of bad plugins and themes being uploaded, which once uploaded could send info about the site to its owner. It could also send the information in the wp-config.php (A high security risk).
Please tell me how to protect wordpress sites from this other than by reading the code line by line. Also tell me if plugins and themes at wordpress.org are analyzed by the wordpress developers for threats like this before making it available to public.
Thank you.
Peace to All....
As with any code you run on your own server(s), WordPress plugins are caveat emptor.
That said, popular plugins have probably had a fair number of eyes on their code, making it unlikely that they're doing something shady. You probably don't need to go over them with a fine-tooth comb before installing them.
Lesser-known/used plugins, however, should probably be looked over before you install them on a site/server that you care about.
WordPress.org does not review every bit of code that goes into plugins - the only time they even do any review at all is when the plugin is initially submitted to the plugin directory, and that's cursory at best (mostly just to avoid spam). A plugin's code can change drastically after it's initially submitted.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With