WordPress suggests checking plug-ins for security and performance


WordPress has announced a proposal for a more proactive approach to third-party plug-ins, aimed at improving site security and performance.

A plug-in checker is being discussed to ensure that plug-ins follow best practices.

Third-party plug-ins are a major source of security vulnerabilities and performance bottlenecks on websites. The proposal describes three approaches to plug-in verification and asks for feedback on the idea.

The WordPress proposal identified a problem:

“Although there are fewer infrastructure requirements for plug-ins than for themes, there are certainly some requirements that are worth checking out, but in any case, checking safety and performance best practices in plug-ins would be just as important as for themes.

However, as of today, there is no proper verification of plug-ins.”

Vulnerabilities and poor performance of WordPress

The WordPress publishing platform has gained a reputation for being slow and vulnerable to hackers.

So it may come as a surprise to learn that the WordPress core itself is a very secure platform.

Most of the vulnerabilities that affect the WordPress platform are due to third-party plug-ins.

Although WordPress itself is fairly secure, third-party plugins have made WordPress virtually synonymous with hacked sites.

Performance has a similar problem. The WordPress Performance Team is actively working to improve the performance of the WordPress core itself.

But this effort can be undermined by third-party plug-ins that load JavaScript and CSS on pages that don’t require them, or that don’t lazy-load images, which ultimately slows the site down.

Plug-in checker

WordPress already provides a theme checker that allows theme developers to test their work against best practices and for security. The same theme checker is also used in the official WordPress theme repository.

Now they want to explore doing the same thing for plugins.

The proposal defines the objective of the plug-in checker as follows:

“There should be a WordPress plug-in verification tool that analyzes a given WordPress plug-in and identifies any breaches of best-practice plug-in development with errors or warnings, with a special focus on security and performance.”

The proposal identifies three possible approaches:

  • A. Static analysis
    This is the approach used to check themes, but it has limitations, such as the inability to run code.
  • B. Server-side analysis
    This method allows you to execute plug-in code, and static analysis can also be performed.
  • C. Client-side analysis
    This launches a headless browser (basically a bot that mimics a browser) and then tests the plug-in for issues that may not necessarily be detectable by a server-side solution. The document highlights some of the challenges of this approach, but also outlines ways to work around them.

The proposal contains a chart with columns for approaches A, B and C and rows giving the ratings assigned to each approach for security and performance issues.

The evaluation concludes that server-side analysis may be the optimal approach.

Best practices for plugins

The WordPress performance team is not committed to creating a plug-in checker; this is only a proposal and a starting point.

Nevertheless, checking third-party plug-ins for security and performance best practices is a good idea because it will benefit WordPress users and site visitors.


Citations

Summary of the performance team meeting with a link to the proposal

Summary of the WordPress Performance Team Meeting

Read the plug-in verification proposal

Suggestion: check WordPress plugins (Google Docs)

Featured image: Mr.Exen / Shutterstock
