WordPress recently announced a proposal to take a more proactive approach toward third-party plugins in order to improve security and site performance. Under discussion is a plugin checker that will make sure plugins follow best practices.
Third-party plugins are a major source of security vulnerabilities and website performance bottlenecks. The proposal outlines three approaches to a plugin checker and solicits feedback on the idea. The WordPress proposal defined the problem like this:
"While there are fewer infrastructure requirements for plugins than there are for themes, there are certainly some requirements that are worth verifying, and in any case, checking against security and performance best practices in plugins would be just as essential as it is in themes. However as of today, there is no corresponding plugin checker."
WordPress already produces a theme checker that allows theme developers to check their work for best practices and security. The same theme checker is used on the official WordPress theme repository, too. So now they want to explore doing the same thing for plugins. This is how the goal of the proposed plugin checker was defined:
"There should be a WordPress plugin checker tool that analyzes a given WordPress plugin and flags any violations of plugin development best practices with errors or warnings, with a special focus on security and performance."
The proposal features a graph with columns for approaches A, B, and C and rows that correspond to ratings assigned to each approach for security and performance issues.
What are some of your own experiences with third-party plugin problems?