WordPress announced a proposal to take a more proactive approach toward third party plugins in order to improve security and site performance.
What is being discussed is a plugin checker that will make sure that plugins are following best practices.
Third-party plugins are a major source of security vulnerabilities and website performance bottlenecks. The proposal outlines three ways to tackle a plugin checker and solicits feedback on the idea.
The WordPress proposal defined the problem:
“While there are fewer infrastructure requirements for plugins than there are for themes, there are certainly some requirements that are worth verifying, and in any case, checking against security and performance best practices in plugins would be just as essential as it is in themes.
However as of today, there is no corresponding plugin checker.”
The WordPress publishing platform has received a reputation for being vulnerable to hackers and for being slow.
So it may be surprising to learn that the WordPress core itself is a highly secure platform.
The majority of the vulnerabilities affecting the WordPress platform are due to third party plugins.
Even though WordPress itself is reasonably safe, third party plugins have caused WordPress to virutally become synonymous with hacked sites.
There is a similar issue with regard to WordPress site performance, too. A WordPress Performance Team actively works on improving the performance of the WordPress core itself.
But that effort can be undermined by third party plugins that load JavaScript and CSS on pages where they’re not required or don’t lazy load images, which ends up slowing down website performance.
WordPress already produces a theme checker that allows theme developers to check their work for best practices and security. The same theme checker is used on the official WordPress theme repository, too.
So now they want to explore doing the same thing for plugins.
This is how the goal of the proposed plugin checker was defined:
“There should be a WordPress plugin checker tool that analyzes a given WordPress plugin and flags any violations of plugin development best practices with errors or warnings, with a special focus on security and performance.”
The proposal lists three possible approaches:
The proposal features a graph with columns for approaches A, B, and C and rows that correspond to ratings assigned to each approach for security and performance issues.
The evaluation finds that the Server-side analysis may be the optimal approach.
The WordPress performance team is not committed to creating a plugin checker, this is just a proposal. This is just the starting point.
Nevertheless, checking third party plugins for security and performance best practices is a good idea because it will benefit WordPress users and site visitors.
WordPress Performance Team Meeting Summary
Proposal: WordPress plugin checker (Google Docs)
Featured Image: Mr.Exen/Shutterstock
Here is a recap of what happened in the search forums today, through the eyes…
Navigating the world of Instagram posting involves many considerations, but one crucial aspect is timing…
I am deeply sad to report that Mark Irvine passed away unexpectedly last night. Mark…
Google AdSense has removed reference to your privacy policy as a place to withdraw consent.…
One of the big worries for Google investors was the cost of running AI to…
This week, we covered how the Google March 2024 core update finished back on April…
This website uses cookies.
Leave a Comment