To some degree, the world of WordPress plugins is a bit like the old Wild West. The open source platform means that anyone can write plugins to extend functionality. At its best, plugin authors create useful tools to help us build highly functional websites for very little cost. The other side of the coin is that plugins containing security holes and even malicious code can put us at risk.

For example, it was recently discovered that an updated version of Display Widgets (a plugin with over 200,000 active installations) included code that generated SEO spam posts within WordPress. This was all done without the site owner’s knowledge or permission.

While this was certainly a nuisance, it’s not hard to imagine something even worse being attempted in the future. Such malware could potentially delete website content or infect a visitor’s computer or mobile device. This is a serious threat that could cause widespread damage.

We sometimes fall into the trap of installing plugins on a whim and assuming that nothing bad could come of it. Unfortunately, that strategy isn’t the most secure. Instead, there are some things you can do to help lower the risk of installing
