WordPress is the most widely used content management system worldwide. Websites built with it are regularly attacked due to security gaps. Vulnerabilities in plugins and themes are often the gateways for hackers, and users have to update them manually. An official auto-update plugin should now remedy the situation. The extension WordPress updates are currently still in phase and it is recommended not to use the plugin in production environments yet.
Do Automatic Plugin Updates Bring Risks?
Not every plugin project has the manpower. Most of the free plugins in the WordPress plugin directory are developed by only one person or perhaps a small team. That doesn't mean that these plugins are bad. We know from the past that it is mostly plugins that open security gaps, making your own WordPress instance a target for hackers. It can therefore be assumed that the code quality suffers or that the code is not tested enough. But it explains why we quickly click the update button for well-known plugins and hesitate with others.
Do Not Customize Plugins Yourself
To save development time, developers often simply adapt official and unofficial plugins. If the version number or the name of the plugin is not changed, WordPress still offers an update, although it must not be installed because it would overwrite your own changes.
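One way to find such locally adapted plugins before enabling automatic updates, as an added example that is not part of the original article or of WordPress itself: it compares the installed plugin folder with an unpacked copy of the same upstream release. The function names, the "example-plugin" name and the sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        path.relative_to(root).as_posix(): hashlib.sha256(path.read_bytes()).hexdigest()
        for path in sorted(root.rglob("*")) if path.is_file()
    }


def local_changes(pristine_dir, installed_dir):
    """Report how the installed plugin differs from the upstream release.

    pristine_dir: unpacked upstream release of the SAME version
    (assumption: obtained separately and trusted).
    installed_dir: the plugin folder on the site.
    """
    pristine, installed = hash_tree(pristine_dir), hash_tree(installed_dir)
    return {
        "modified": sorted(f for f in pristine.keys() & installed.keys()
                           if pristine[f] != installed[f]),
        "added": sorted(installed.keys() - pristine.keys()),
        "missing": sorted(pristine.keys() - installed.keys()),
    }


def is_customized(changes):
    """True if any file was modified, added or removed locally."""
    return any(changes.values())


def write_file(root, rel, text):
    """Helper for building the constructed sample trees."""
    target = Path(root) / rel
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(text)


if __name__ == "__main__":
    # Constructed sample: hypothetical "example-plugin", same version in both trees.
    with tempfile.TemporaryDirectory() as tmp:
        upstream, site = Path(tmp, "upstream"), Path(tmp, "installed")
        for root in (upstream, site):
            write_file(root, "example-plugin.php", "<?php /* Version: 1.2.0 */\n")
            write_file(root, "inc/render.php", "<?php function render() {}\n")
        write_file(site, "inc/render.php", "<?php function render() { /* patched */ }\n")
        write_file(site, "inc/custom.php", "<?php // site-specific\n")
        print(local_changes(upstream, site))
```

A plugin for which `is_customized` returns true should be renamed and re-versioned, or excluded from automatic updates, before the update mechanism is switched on.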
Detect Bad Plugins
How could you recognize a bad plugin? Since the layperson cannot check whether the code quality is good, a system would have to be created that can do this. Would something like that work? The answer is very clear: yes! A small WordPress team is already working on such a system. The vision is to carry out automated quality tests for all WordPress plugins and themes and to make these test results visible to both the authors and the end users of these plugins and themes.