Single Latest Posts Lite
Safety (5 posts)

  1. romaiden
    Member
    Posted 4 months ago #

    Hello Jose,
    After this Heartbleed and other attacks before, sometimes related to WP or completely unrelated, I started to have a consideration: as a plugin developer, what can you tell me about safety through the plugins? Could a plugin be a backdoor for invaders or some kind of vulnerability?

    https://wordpress.org/plugins/single-latest-posts-lite/

  2. intelligentDesign
    Member
    Posted 4 months ago #

    Hi Romaiden,

    Absolutely they can be a back door, but that doesn't have anything to do with Heartbleed. The hacking machines are CONSTANTLY scanning every website for known vulnerabilities, so the best thing you can do is keep everything updated and use a good security plugin that hides and hardens many weaknesses. I use an old version of Better WP Security and don't update it (ironically) because of issues with the current one: http://downloads.wordpress.org/plugin/better-wp-security.3.6.6.zip. There are similar ones like "All In One WP Security & Firewall" but I like the one in the link I posted.

    -g

  3. romaiden
    Member
    Posted 4 months ago #

    Thank you very much for your answer.

    Regarding the plugin, I do not know if you saw, but they updated 3 days ago and changed the name: iThemes Security (formerly Better WP Security) 4.1.3, and the Changelog is giant after the 3.6.6 version.

    I will contact you soon.
    Bye

  4. Jose Luis SAYAGO
    Member
    Plugin Author

    Posted 4 months ago #

    Hello @romaiden,

    Sorry I missed this message. As @intelligentDesign explained so well, Heartbleed does not directly affect plugins unless they were meant to use some kind of cyphering techniques using OpenSSL.

    However, using plugins may put your WordPress installations at risk; that's why we should check plugins' reviews and ratings before downloading something.

    I, as a plugin developer, do my best to provide clean and secure-enough code; however, we are human and we could make a mistake which can put users' websites at risk. That's why I encourage people to review my code and provide feedback so I can confirm everything is working as expected.

    Free software developers, in my opinion, should have a very public profile so people can check who they are, what they have done and if they have a good reputation. I provide my real name as well as links to other things I've done so people can check my background and decide if they trust me enough to install something I've made or not.

    Cheers.

  5. intelligentDesign
    Member
    Posted 4 months ago #

    @romaiden,

    That plugin was SO SUCCESSFUL AND LOVED that it was acquired by a larger company, "iThemes", but if you read the support forum for it, you'd see why I stay away (it broke some of my sites at version 4.x.x).

    I've modified the main file in 3.6.6 to say Version: 9993.6.6 so it doesn't ask me to update anymore.
