Apache Friends Support Forum

[FredPhillips]

Hi Everyone,

I'm seeking some insights and opinions regarding the detection of vulnerable plugins in WordPress. As we know, keeping our WordPress sites secure is crucial, and one aspect of that is identifying and addressing any vulnerabilities in the plugins we use.

I'd love to hear from the community about your experiences and methods for detecting vulnerable plugins. Have you come across any effective tools, practices, or resources that help with this? What warning signs or red flags do you look for?

Feel free to share your thoughts, tips, or any best practices you follow when it comes to plugin security in WordPress. Your contributions would be greatly appreciated!

[Nobbie]

As there is no way to detect vulnerable plugins, you only must edit the source code and watch out for suspicious code, i finally uninstalled wordpress and returned to programming my sites old fashioned by myself.

My server had been hacked a couple of times a few years ago and i started to investigate about the reasons. I quickly found some articles about vulnerable wordpress plugins which told me, that plugins were not checked by any wordpress developers and were coming from unknown people. The only "advice" from WordPress was to " harden" my server. Therefore i decided to drop WordPress, its a hilarious security risk.

Now my site is programmed in pure HTML and PHP and i never had any issue.

That's how it is.