DEV Community

Discussion on: Why wordpress?

fmctaggart profile image
Fraser McTaggart Author

Correct me if I'm wrong, as I haven't created a plugin for wordpress. But plugins can be created and submitted quickly and easily judging by the comments below. They can then be installed easily and without thought, by users that don't know the implications. Perhaps giving plugins unregulated access to server-side code isn't ideal?
The list of vulnerabilities and exploits is pretty extensive for wordpress plugins - surely there must be a better way?

Thread Thread
taufik_nurrohman profile image
Taufik Nurrohman • Edited on

They can then be installed easily and without thought, by users that don't know the implications.

You can install a plugin with syntax error in it and then just get a blank screen.

Perhaps giving plugins unregulated access to server-side code isn't ideal?

It’s your web hosting provider duty.

Surely there must be a better way?

Just keep it up to date, and follow the support forums related to the plugin. Security holes sometimes come from old plugins that are no longer updated (but you don’t know and just install it anyway).

Using official plugins or paid plugins must be better (since you could easily complain about things).