Comments on: How can a WordPress plugin be unsafe

By: stratos.me » Blog Archive » Get rid of the Sociable plugins. Do it yourself!

Mon, 08 Dec 2008 19:26:44 +0000

[...] people to minimize their plugin needs. They are resource hungry and may cause problems due to security issues on your blog. There are those that agree to that but say that on the other hand there are those [...]

By: stratosg

stratosg — Sun, 07 Dec 2008 12:12:47 +0000

@Velvet Blues: Yah in general if you use the framework instead of going snooping around you will probably never have a problem. In any case one should be very careful when choosing to install a plugin.

@Raju Not a problem man. That’s what we are here for. Discussing a subject I would like to add that i have Microkid’s related posts and it seems to suit fine

By: Raju

Raju — Sun, 07 Dec 2008 07:29:49 +0000

@Kim,
were u using Yet Another Related Posts plugin? Cos I ran into problems using it. I switched over to Azittos Related Posts plugin which works like a charm!

@Stratos,
Sorry for diverting the topic

By: Velvet Blues

Velvet Blues — Sun, 07 Dec 2008 03:26:15 +0000

Yeh, the WordPress plugin API, when used correctly, does a good job of preventing attacks. However, I have heard of some plugins, namely those that use AJAX, being problematic. (One of the poll plugins in particular was noted.)

I could imagine that a form submission plugin could be problematic as well, not necessarily for attacking a database, but for doing other equally fun things like deleting files (or creating new files).

By: stratosg

stratosg — Wed, 03 Dec 2008 07:40:45 +0000

@Kim Thanks! I haven’t found such a plugin either but there still is a threat that a coder could make a mess big time. As for the related articles i didn’t notice any bottleneck there but then i don’t have that much traffic

@Sire Thanks. To be honest no i don’t have any pricing but i think it will depend on the problem at hand. But, pricing should not make my friends hesitate to contact me. If there is a problem we will resolve it and settle it afterwords

@Raju Yah coders are very careful but as i said there is the potential. As for the plugin you said that is actually nasty. If i wanted something like that i would simply ask and i am sure that all the plugin users would do it out of their heart.

Thanks for dropping in guys! I really appreciate your feedback and comments!

By: Raju

Raju — Wed, 03 Dec 2008 07:17:39 +0000

I agree with Kim here. There are many plugins which are badly coded. badly coded in a way that it slows down the website and overuse resources. But I haven’t found out any plugin which can cause a potential threat to the website security as such. may be they are harmless ones which goes unnoticed.
First time I realized the potential threats from a plugin was when I installed a plugin it automatically added its author’s site to my blogroll and footer section and didn’t take them out even after uninstalling

By: Kim Woodbridge | (Anti) Social Development

Kim Woodbridge | (Anti) Social Development — Wed, 03 Dec 2008 02:40:16 +0000

I have not hard any plugins cause a security risk but have had them cause a decrease in performance. I had to remove the Related Posts plugin from my elephant site because it was causing too much CPU usage and my host took down my site until I resolved the problem. Only from the server logs was I able to tell which plugin was causing the problem.

Great article!