Are word press plugins save?

18 replies
Hello Warriors,

I heard this things that some of wp plugins are not save. Inside the plugins have some hidden code that hack sites and blogs. Is it true or false?

And how we can secure our blogs?
#plugins #press #save #word
  • Profile picture of the author Daniel Elss
    For the most part they are safe as long as you get them from a trusted source, like Wordpress. Just don't buy any ole plugin from any ole joe off the street if you cant find any information about it. Read reviews. If you download one, scan the zip file before unzipping or installing if you are worried about it.
    {{ DiscussionBoard.errors[7397437].message }}
  • Profile picture of the author locke815
    Definitely it's safe. Don't go for the 3rd party ones. Go directly from their official site
    {{ DiscussionBoard.errors[7397898].message }}
    • Profile picture of the author UdoMoss
      My experience with Word Press plug-in's is positive. I use them for years, but only from WordPress directly. As mentioned before, don't go through a third party, than you should be on the safe way.
      {{ DiscussionBoard.errors[7398081].message }}
      • Profile picture of the author JonPL
        As long as you get plugins direct from wordpress.org you should be safe. For some premium plugins you have to go to the plugin developer's site so make sure it's the correct site. You are right to express concern though for two reasons. Firstly some unscrupulous people do modify plugin code and pass them off as genuine. Secondly some badly written plugins could provide a way in for hackers.

        In general when searching on wordpress.org for a plugin to provides certain features that I need, I go to wordpress.org and look for a reasonable number of downloads and a decent star rating.
        {{ DiscussionBoard.errors[7398349].message }}
    • Profile picture of the author CyberSEO
      Originally Posted by RobertAxelsen View Post

      Also, if you're concerned about WordPress security, I highly recommend this plugin: WordPress › Better WP Security « WordPress Plugins
      All those security plugins are barely helpful.

      Originally Posted by locke815 View Post

      Definitely it's safe. Don't go for the 3rd party ones. Go directly from their official site
      The official WordPress repository does not guaranty anything. Everything you download from there comes "AS IS".

      Telling you this as a WordPress developer who's plugins are available at wordpress.org
      Signature
      CyberSEO Pro - the ultimate all-in-one autoblogging WordPress plugin, powered by OpenAI GPT-4, Anthropic Claude, Google Gemini Pro, DALL-E 3 and Stable Diffusion XL
      {{ DiscussionBoard.errors[7403032].message }}
  • Profile picture of the author RobertAxelsen
    Originally Posted by fizamalik View Post

    Hello Warriors,

    I heard this things that some of wp plugins are not save. Inside the plugins have some hidden code that hack sites and blogs. Is it true or false?

    And how we can secure our blogs?
    As people have mentioned already, as long as you go with plugins via wordpress.org or the search function inside the admin area, you're safe.

    Also, if you're concerned about WordPress security, I highly recommend this plugin:
    WordPress › Better WP Security « WordPress Plugins
    Signature
    Want YOUR OWN website or blog?

    Let's Create Your Website Together...

    Live event (with free mindmap) shows you how to easily create your own website.
    {{ DiscussionBoard.errors[7398367].message }}
  • Profile picture of the author so11
    Security advice for wordpress plugin use

    Time is probably our most important resource. Every day we search for new tools and ideas to optimize our daily tasks. WordPress or any other content management system (CMS) and their plug-ins aren’t exception. They are there to fulfill specific needs; otherwise it would take a lot more resources to accomplish your goals including time, money and so on.

    WordPress is the most used CMS in the world; there are plug-ins and themes available to accomplish pretty much every possible need.

    read more here : Security advice for WordPress plug-in use | ITadvices.com
    Signature
    www.groupesoloviev.com
    We help businesses manage cyber risk and compliance requirements.
    {{ DiscussionBoard.errors[7399456].message }}
  • Profile picture of the author salegurus
    If you are downloading cracked plugins, themes then yes you will have problems...
    I have never had a problem with paid plugins, themes or even plugins from wp.org.
    Signature
    Think of how stupid the average person is, and realize half of them are stupider than that.

    ― George Carlin
    {{ DiscussionBoard.errors[7399524].message }}
  • Profile picture of the author fizamalik
    Thanks you all for the advice and suggestions.
    {{ DiscussionBoard.errors[7402846].message }}
  • Profile picture of the author VivekThakur
    I am not think so may be it happen, Get it from safe source.
    Signature

    Enjoy Life.

    {{ DiscussionBoard.errors[7403068].message }}
  • Profile picture of the author garfield29
    I've never encountered any security issues with plugins from wordpress.org so far, and I think that pretty makes them a safe source for plugins.

    Just be sure to get those plugins from reliable sources. And yeah, read reviews..
    {{ DiscussionBoard.errors[7403091].message }}
    • Profile picture of the author Maruelle
      Before you purchase a WP plugin, make sure to search for reviews.
      {{ DiscussionBoard.errors[7403225].message }}
      • Profile picture of the author CyberSEO
        Originally Posted by Maruelle View Post

        Before you purchase a WP plugin, make sure to search for reviews.
        That's a very very good suggestion. Actually the same rule applies to freeware plugins too.
        Signature
        CyberSEO Pro - the ultimate all-in-one autoblogging WordPress plugin, powered by OpenAI GPT-4, Anthropic Claude, Google Gemini Pro, DALL-E 3 and Stable Diffusion XL
        {{ DiscussionBoard.errors[7403805].message }}
  • Profile picture of the author Kingfish85
    Here's the thing that no one seems to have mentioned - just because the plugin is in the Wordpress repository DOES NOT mean it's safe nor does it mean it's still supported.

    As far as security goes - STOP INSTALLING PLUGINS! You don't need plugins to do simple tasks like adding Google Analytics code. There's no "plugin" for security. Sure, some of them help, but there are ways around them.

    EDIT: except for CyberSEO
    Signature

    |~| VeeroTech Hosting - sales @ veerotech.net
    |~| High Performance CloudLinux & LiteSpeed Powered Web Hosting
    |~| cPanel & WHM - Softaculous - Website Builder - R1Soft - SpamExperts
    |~| Visit us @veerotech Facebook - Twitter - LinkedIn

    {{ DiscussionBoard.errors[7403842].message }}
  • Profile picture of the author onSubie
    Originally Posted by fizamalik View Post

    Hello Warriors,

    I heard this things that some of wp plugins are not save. Inside the plugins have some hidden code that hack sites and blogs. Is it true or false?

    And how we can secure our blogs?
    You can use Theme Authenticity Checker (TAC) available at Wordpress. It checks all the Theme files for potential threats like obfuscated code and static links.

    WordPress › Theme Authenticity Checker (TAC) « WordPress Plugins

    You can also find a Plug In checker at WP.

    Mahlon
    {{ DiscussionBoard.errors[7404439].message }}

Trending Topics