A WordPress plugin is an application that allows you to add new functionality to your WordPress site, just as apps do for your smartphone.
If you are familiar with WordPress, you have probably encountered what’s called the “Repository of free WordPress plugins”. Essentially, it is a large online collection of free WordPress plugins that can be installed with a few clicks, through the WordPress admin interface, on any website that uses WordPress.
Currently, the repository contains almost 60,000 plugins with over one billion and 240 million downloads. Each of these plugins (at least most of them) brings certain features to a WordPress website; in layman’s terms, they enhance its capabilities. But are these plugins safe to use? Who creates and maintains them, and who reviews them before they appear in the official WordPress plugin repository?
The creator and co-founder of the WordPress CMS is Matt Mullenweg, while his company Automattic Corporation owns WordPress.com. Every plugin published there goes through a manual review before it becomes publicly available.
But is everything as secure and vetted as it sounds? Some interesting recent incidents suggest that there are loopholes in the WordPress plugin ecosystem that can be abused to hack and infect a large number of websites. Let us see how and why.
Authors of the WordPress Plugins
The authors of the plugins in the free WordPress repository are people with different profiles, from all over the world, with different programming skills, with different goals and intentions. It’s a motley crew that’s hard to describe in a few sentences.