Hi all,
I’m seeking some advice on how you ensure the security of your WordPress plugins and themes.
This is my first job as a WordPress dev at a university and my boss is asking about how we would be able to prove certain useful plugins are secure to the higher-ups.
What are your thoughts and experiences on:
1. What tools or methods do you use to audit the security of a plugin or theme before using it or after installing it?
2. How do you handle plugin / theme updates over time to make sure they are still secure (like there aren’t malicious requests being made)?
Any advice would be greatly appreciated. Thanks for your help!
You can check plugin vulnerabilities using many tools.
The one I use is this:
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/
Do not use nulled plugins or themes as they contain backdoors.