In this episode of WPwatercooler’s Dev Branch, we’ll be joined by Robert Rowley, a Security Expert, to discuss a critical aspect of building sites with WordPress — plugins. Specifically, we’ll delve into the topic of abandoned plugins and the risks that they can pose to website security.
We discuss the issue of abandoned WordPress plugins being used to exploit sites by hackers. We talk about a recent story where hackers were using an abandoned plugin to insert PHP into sites and how it was difficult to find and remove the code. We also discuss the problem of old plugins still being listed in the WordPress repository and how it’s hard to contact the developers of these plugins. We suggest solutions like monitoring spikes in downloads and making it easier for someone to take over an abandoned plugin. We also mention a plugin being tested to test plugin dependencies and adding security contact information to a plugin.
Join us for this important conversation about orphaned WordPress plugins learn and how to keep your website safe from potential security threats.
Leave a Reply