• We are a non-profit and are looking at plugs that will allow donors to make contributions through our PayPal account. I’ve looked at more than a dozen of those plugs and installed 3 or 4 to check them out more closely. The one in which I am most interested – has the kind of flexibility/customizability that I think would be really helpful for us – has only about 20 installs, and the only review is by the developer (gave himself a 5).

    Because this involves financials, it has me wondering about the process, if any, that WP has for approving developers and/or ‘inspecting’ the code of plugins. I’m not a coder. I can write HTML, CSS, and enough PHP to get myself in trouble. I know that PayPal itself is very secure, but I’m wondering if it’s possible for a developer to put something into the code of a plugin that would harvest information. You know what I’m asking?

    Thanks!

Viewing 5 replies - 1 through 5 (of 5 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    > WP has for approving developers and/or ‘inspecting’ the code of plugins.

    WordPress plugins are reviewed before they go into the repository on wordpress.org for security and compliance with WordPress standards. Because the plugins are open source, there are also LOTS of eyes on that code.

    Can something slip through or someone find a vulnerability and exploit it rather than report it to the plugins & security teams? Sure. There are no guarantees, either explicit or implicit.

    > the only review is by the developer (gave himself a 5)

    And I’m sure his mom is proud of him. 🙂

    Thread Starter baytonemus

    (@baytonemus)

    As was my mom of me. (She thought I was a genius.)

    Thanks for the response, Steve!

    Jason King

    (@jasoncharlesstuartking)

    Taking donations through your WordPress site and using a plugin and PayPal is a perfectly valid approach, but also consider using a third-party service such as JustGiving (or one of the many alternatives). They take a higher percentage but this pretty much eliminates worries about trustworthiness.

    @baytonemus

    I have seen a couple of times where a plugin developer has a direct PayPal donation link in the main plugin PHP file, just in the plugin header. But this is more a way of making a donation for a free plugin, where a developer has put time and effort into a well-built, useful plugin.

    Thread Starter baytonemus

    (@baytonemus)

    > Taking donations through your WordPress site and using a plugin and PayPal is a perfectly valid approach, but also consider using a third-party service such as JustGiving (or one of the many alternatives). They take a higher percentage but this pretty much eliminates worries about trustworthiness.

    Yes, we’ve looked into that, Vanco, in particular because they have an e-check/direct bank transfer option. However, it’s another $20/mo and higher fees. We can already accept CCs with PP, and they have a sterling security record.

    Thanks!

  • The topic ‘Trustworthiness of developers?’ is closed to new replies.