Single Latest Posts Lite
Safety (5 posts)

  1. romaiden
    Posted 1 year ago #

    Hello Jose,
    After this Heartbleed and other attacks before, sometimes related to WP or completely not related, I started to have a consideration: As a plugin developer, what can you tell me about safety through the plugins? Could a plugin be a backdoor for invaders or some kind of vulnerability?


  2. intelligentDesign
    Posted 1 year ago #

    Hi Romaiden,

    Absolutely they can be a back door, but that doesn't have anything to do with Heartbleed. The hacking machines are CONSTANTLY scanning every website for known vulnerabilities so the best thing you can do is keep everything updated and use a good security plugin that hides and hardens many weaknesses. I use an old version of Better WP Security and don't update it (ironically) because of issues with the current one: http://downloads.wordpress.org/plugin/better-wp-security.3.6.6.zip. There are similar ones like "All In One WP Security & Firewall" but I like the one in the link I posted.


  3. romaiden
    Posted 1 year ago #

    Thank you very much for your answer.

    Regarding the plugin, I do not know if you saw, but they updated 3 days ago and changed the name: iThemes Security (formerly Better WP Security) 4.1.3, and the Changelog is giant after the 3.6.6 version.

    I will contact you soon.

  4. Jose Luis SAYAGO
    Plugin Author

    Posted 1 year ago #

    Hello @romaiden,

    Sorry I missed this message. As @intelligentDesign explained so well, Heartbleed does not directly affect plugins unless they were meant to use some kind of cyphering techniques using OpenSSL.

    However, using plugins may put your WordPress installations at risk, that's why we should check plugins' reviews and ratings before downloading something.

    I as a plugin developer do my best to provide clean and secure-enough code, however we are human and we could make a mistake which can put users' websites at risk. That's why I encourage people to review my code and provide feedback so I can confirm everything is working as expected.

    Free software developers in my opinion should have a very public profile so people can check who they are, what they have done and if they have a good reputation. I provide my real name as well as links to other things I've done so people can check my background and decide if they trust me enough to install something I've made or not.


  5. intelligentDesign
    Posted 1 year ago #


    That plugin was SO SUCCESSFUL AND LOVED that it was acquired by a larger company "iThemes", but if you read the support forum for it, you'd see why I stay away (it broke some of my sites at version 4.x.x).

    I've modified the main file in 3.6.6 to say Version: 9993.6.6 so it doesn't ask me to update anymore.

Topic Closed

This topic has been closed to new replies.
