Comments on: Wordpress Plugins Security Flaw – A Blackhats Dream

By: Paul Anthony

Paul Anthony — Sun, 21 Aug 2011 17:38:39 +0000

Rishil,

I think Donncha has a security plugin – sweeps your code looking for Base64 and other various nasties.

http://ocaoimh.ie/exploit-scanner/

Well worth a look

Paul.

By: rishil

rishil — Mon, 18 Apr 2011 17:10:24 +0000

Hey Otto, thanks for dropping by. Rest assured, anything dodgy we find will get to you guys
I just wanted to highlight that stuff like this does and can happen.

By: Otto

Otto — Mon, 18 Apr 2011 16:49:09 +0000

For what it’s worth, while the wordpress.org plugin repository isn’t reviewed or monitored for bad plugins, we do have a very low tolerance for that sort of thing.

If you find a plugin doing “bad” things (with a very liberal definition of “bad”), then emailing plugins@wordpress.org about it will get it looked at, possibly updated to remove the bad stuff from any existing installs (if there are any), as well as get the plugin developer burned and crucified on the “no-spammer” altar. Mark R (the plugins guy) has a very, very low tolerance and an unforgiving nature about that sort of thing.

We can’t control what plugins are released elsewhere, but we do have complete control over what’s on wordpress.org and will take whatever steps are necessary to remove spammy BS.

A plugin reviewer team would be nice, but it’s a big, big job if you sit down and think about it. We’re only just now getting into stride with the theme reviewer system, implementing a plugin review system is an order of magnitude more difficult.

By: rishil

rishil — Mon, 18 Apr 2011 08:17:45 +0000

yes you should. See my next post…

By: roey

roey — Sat, 16 Apr 2011 17:28:44 +0000

thank you for this greay post. what about joomla plugins?
should i be worried as well?

By: Derek Jansen

Derek Jansen — Tue, 12 Apr 2011 13:49:37 +0000

Thanks for revealing this topic – while I’ve always been aware of the SEO spam abuse element, but the hacking element was ignored.

By: Liam Kenneth

Liam Kenneth — Tue, 12 Apr 2011 06:44:22 +0000

Interesting Article

By: Rick

Rick — Mon, 11 Apr 2011 17:06:40 +0000

Scary stuff…you always presume Wordpress is flaw free.

By: Roie

Roie — Sun, 10 Apr 2011 11:32:21 +0000

It’s the same concept as torrents and hacked software being bundled with viruses and trojans to hijack PC’s of unsuspecting down-loaders eagerly awaiting to use the next MS or Adobe software for free… these days, anything offered free should come with a warning label on it.

By: Aussiewebmaster

Aussiewebmaster — Fri, 08 Apr 2011 22:19:16 +0000

Give away all my secrets – thanks mate