WordPress proposal takes aim at improving security and performance of third party plugins
WordPress announced a proposal to take a more proactive approach toward third party plugins in order to improve security and site performance.
What is being discussed is a plugin checker that will make sure that plugins are following best practices.
Third-party plugins are a major source of security vulnerabilities and website performance bottlenecks. The proposal outlines three ways to tackle a plugin checker and solicits feedback on the idea.
The WordPress proposal defined the problem:
“While there are fewer infrastructure requirements for plugins than there are for themes, there are certainly some requirements that are worth verifying, and in any case, checking against security and performance best practices in plugins would be just as essential as it is in themes.
However as of today, there is no corresponding plugin checker.”
The WordPress publishing platform has received a reputation for being vulnerable to hackers and for being slow.
So it may be surprising to learn that the WordPress core itself is a highly secure platform.
The majority of the vulnerabilities affecting the WordPress platform are due to third party plugins.
Even though WordPress itself is reasonably safe, third party plugins have caused WordPress to virutally become synonymous with hacked sites.
There is a similar issue with regard to WordPress site performance, too. A WordPress Performance Team actively works on improving the performance of the WordPress core itself.
WordPress already produces a theme checker that allows theme developers to check their work for best practices and security. The same theme checker is used on the official WordPress theme repository, too.
So now they want to explore doing the same thing for plugins.
This is how the goal of the proposed plugin checker was defined:
“There should be a WordPress plugin checker tool that analyzes a given WordPress plugin and flags any violations of plugin development best practices with errors or warnings, with a special focus on security and performance.”
The proposal lists three possible approaches:
The proposal features a graph with columns for approaches A, B, and C and rows that correspond to ratings assigned to each approach for security and performance issues.
The evaluation finds that the Server-side analysis may be the optimal approach.
The WordPress performance team is not committed to creating a plugin checker, this is just a proposal. This is just the starting point.
Nevertheless, checking third party plugins for security and performance best practices is a good idea because it will benefit WordPress users and site visitors.
WordPress Performance Team Meeting Summary
Proposal: WordPress plugin checker (Google Docs)
Featured Image: Mr.Exen/Shutterstock
Roger Montti is a search marketer with over 20 years experience. I offer site audits, phone consultations and content and …
Get our daily newsletter from SEJ’s Founder Loren Baker about the latest news in the industry!
Subscribe to our daily newsletter to get the latest industry news.
Hire me on the World’s Leading Online Marketplace Freelancer.com to design your website. Additional services like- graphic design, virtual assistance, SEO, Data entry, etc are available. Click on This Link to start your project