WordPress Plugins: Quick Tips to Stay Safe

Installing any third-party software on your web server is a risk, but in the open source community there is a feeling that scams are simply out of place – any user can check the code for shenanigans at any time.

Despite this, there have always been reports here and there of WordPress plugins that contain malicious code or work in the background to deliver the admin username and password to the plugin's author. Trouble like this may be rare, but it only takes one case of misplaced trust for a big headache to ensue.


So how exactly can you protect yourself against malicious code when installing open source plugins?

  1. Choose well-known plugins from well-known developers – this is no guarantee of code safety, but it certainly helps.
  2. Find reviews of the plugin via Google – people talk!
  3. My personal favorite: scan the code. Take a look through it, and use your code editor’s search function to look for out-of-place email addresses and JavaScript. Nothing says “safe” like a thorough perusal of the code with your own two eyes.
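
One way to automate the search in step 3, as an added example that is not part of the original post: the script walks an unpacked plugin directory and lists email addresses outside the domains you expect, plus script tags and remote .js URLs that appear outside .js files. The function names, the allow-list parameter and the sample plugin files are assumptions constructed for illustration; every hit is a line to read yourself, not a verdict.

```python
import re
import tempfile
from pathlib import Path

# File types that normally make up a WordPress plugin's source.
SOURCE_SUFFIXES = {".php", ".js", ".html", ".htm", ".inc"}

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
# Inline <script> tags, or remote .js URLs embedded in markup or PHP strings.
SCRIPT_RE = re.compile(r"<script\b|https?://[^\s'\"<>]+\.js\b", re.IGNORECASE)


def scan_plugin(plugin_dir, expected_email_domains=()):
    """Return (relative_path, line_no, kind, match) tuples for manual review."""
    expected = {d.lower() for d in expected_email_domains}
    findings = []
    root = Path(plugin_dir)
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in SOURCE_SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        rel = path.relative_to(root).as_posix()
        for no, line in enumerate(text.splitlines(), 1):
            for m in EMAIL_RE.finditer(line):
                # Addresses on a domain you expect (the author's) are skipped.
                if m.group().rsplit("@", 1)[1].lower() not in expected:
                    findings.append((rel, no, "email", m.group()))
            # JavaScript inside .js files is expected; flag it elsewhere.
            if path.suffix.lower() != ".js":
                for m in SCRIPT_RE.finditer(line):
                    findings.append((rel, no, "javascript", m.group()))
    return findings


def demo():
    """Scan a constructed sample plugin and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "plugin.php").write_text(
            "<?php\n"
            "/* Author: Dev <dev@plugin-author.example> */\n"
            "$to = 'someone@elsewhere.example';\n"
            "echo '<script src=\"https://cdn.elsewhere.example/t.js\"></script>';\n"
        )
        Path(tmp, "readme.txt").write_text("Contact: other@ignored.example\n")
        return scan_plugin(tmp, expected_email_domains=["plugin-author.example"])


if __name__ == "__main__":
    for finding in demo():
        print(*finding, sep="\t")
```

To use it on a real plugin, unpack the plugin's zip somewhere off the web server and call `scan_plugin()` on that directory before installing.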

