How does the WordPress proposal improve plugin security and performance? WordPress proposed taking a more proactive approach via the path of third-party plugins in an attempt to increase security and website online effectiveness.
What is being discussed is a plugin checker that can ensure that plugins adhere to the most interesting practices. Third-party plugins are a key source of security flaws and website inefficiency.
The proposal presents three approaches to creating a plugin checker and solicits feedback on the idea.
The WordPress proposal explained the problem:
“While there are fewer infrastructural needs for plugins than there are for themes, there are actually certain criteria that are worth confirming, and in any case, testing against security and effectiveness most exciting practises in plugins may be just as important as it is in themes.”
However, there is currently no comparable plugin checker.”
WordPress Vulnerabilities and Poor Performance
WordPress has a reputation for being vulnerable to hackers and slow. As a result, it may be extremely appealing to consider that the WordPress core itself is a highly secure platform.
The bulk of the vulnerabilities impacting the WordPress platform is caused by third-party event plugins. Though WordPress is inherently secure, third-party plugins have caused WordPress to almost become associated with hacked websites.
There is also a drawback to WordPress website online effectiveness. A WordPress Performance Crew actively works to improve the efficiency of the WordPress core itself.
WordPress already has a theme checker that allows theme developers to validate their work for a variety of interesting practices and security.
The same theme checker is used on the official WordPress theme repository. So they want to investigate doing the same thing for plugins.
This is how the suggested plugin checker’s goal was stated:
“There should be a WordPress plugin checker tool that evaluates a given WordPress plugin and identifies any breaches of plugin development best practises with errors or warnings, with a specific emphasis on security and speed.”
The proposal lists three attainable approaches:
- A. Static analysis: That is how themes are verified, although there are limits, like not being able to execute the code.
- B. Server-side analysis: This technique allows the plugin code to execute, as well as a static analysis.
- C. Customer analysis: This uses a headless browser (basically a bot that emulates a browser) to examine the plugin for sections that cannot be detected with a server-side decision. The document mentions various drawbacks to this method, but it also gives solutions to them.
The proposal includes a graph with columns for techniques A, B, and C and rows for the rankings provided for each method for security and effectiveness.
The assessment discovers that the Server-side analysis stands out as a result of the best strategy.
The Most Popular Plugin Practices
The WordPress efficiency crew is exclusively considering building a plugin checker as a suggestion.
That’s only the beginning. However, testing third-party plugins for security and efficiency most interesting practices is an environmentally friendly recommendation since it will gain WordPress buyers and website visitors.
Performance Crew Meeting Summary With Hyperlink to Proposal
Be taught the Plugin Checker Proposal
Proposal: WordPress plugin checker (Google Docs)WordPress proposed a more proactive approach via the path of third-party plugins in an attempt to increase security and website online effectiveness. What is being discussed is a plugin checker that will ensure that plugins adhere to the most interesting practices. Third-party plugins are a key source of security flaws and website performance issues. The proposal discusses three techniques for creating a plugin checker and solicits feedback on the idea. The problem was highlighted in the WordPress proposal: