repository

The Dangers Of Using WordPress Plugins From Untrusted Sources

The folks over at Sucuri have reminded us once again why it’s important to only download plugins from trusted sources. In a disturbing post published on the Sucuri blog, Denis Sinegubko highlights the dangers of using plugins from untrusted sources. In this post, we’ll talk about “patched” malicious premium plugins. (more…)

Checkmarx, a company founded in 2006 that specializes in automated security code reviews, has published a security vulnerability report on the top 50 plugins on the WordPress plugin repository. In the report, published on June 18th, 2013, Checkmarx concluded that more than 20% of the 50 most popular WordPress plugins (more…)

A few days ago, Sucuri mentioned that the Absolute Privacy plugin for WordPress contained a security vulnerability that would allow an attacker to bypass the authentication mechanism and gain admin access to the application, that being WordPress. The plugin was subsequently pulled from the repository as there had not been (more…)

It’s been a while since we’ve had a discussion revolving around those three magic letters: GPL. It looks like we’ll be talking about it again, considering that somewhere around 500 plugins run the risk of being purged due to their incompatibility with GPLv2. There has been an ongoing discussion within the (more…)

For recently joining the 700 club. That number represents the number of themes he has reviewed since joining the WordPress theme review team! Thanks go out to Emil for volunteering his time to make the theme repository a better place. Out of curiosity, after reviewing 700 themes, I wonder what (more…)

@WraithKenny – #WordPress plugin repo should have a favorites button. – via Twitter

Now THAT’S a good idea! Stretch it further by giving us the option to make our favorite lists private or public on WordPress.org. There are all sorts of things you can do from there on in.

Siobhan McKeown has published a disturbing yet not out of the ordinary article that explains how a couple of plugins recently added to the plugin repository were using a version of J-Query from J-Query.org, which after investigation proved to be a fake website. The purported J-Query file was (more…)

WPBeginner has laid out an interesting question. Do we need a better 404 page for WordPress plugins repository? They think so and I do too. I’ve experienced the issue of clicking a plugin link only to be redirected magically to the plugin repository page without any explanation as to why. (more…)