Adding plugins to WordPress - gambling with security?
Written by Tom Ackermann on June 22nd, 2008

After reading Andrés’ post about a plugin messing up his admin interface, I’ve been thinking about this for a while. Although this happened almost a year ago with an older version of WordPress, the basic problem is still the same: by adding plugins to WordPress you add foreign code to it. Code which is added as a plugin becomes part of your WordPress installation. This means it has the same rights (and the same restrictions) as the other “native” WordPress code. Now what does that mean? What implications does this have for security? I will just list some examples to explain:
- When setting up WordPress, you had to create a database and edit a file called wp-config.php. You added a database name, the username and the password for this database, so that WordPress can access this database and write your blog into it. Now a plugin can also read this config file and access your database. This is usually not a big problem because it contains no personal data (only your blog), but imagine a plugin that is badly written and accidentally deletes some entries of this database…
- If you set up WordPress to use pretty permalinks, you created a .htaccess file. Maybe you made it writable so that WordPress can update it automatically. If WordPress can write to it, any plugin can write to it too. Now, the original purpose of a .htaccess file is to regulate who has access to which part of your website… Imagine a plugin messing that up.
- Now let’s get really paranoid: If you have activated allow_url_fopen or allow_url_include in your php.ini, a malicious plugin can load any code from literally any location on the web and execute it on your server. What would happen if this code allows a spammer to send out mass-email through your server using the mail() function? Your provider would shut your server down within a couple of hours…
Now why do I write down all these worst-case scenarios? I don’t want anybody to become paranoid now and delete all his plugins - I am using plugins as well, and they add some great value to WordPress. Most people writing plugins do a very good job and make sure they are as safe as possible.

But I want people to think about what they are doing. I assume that most people using WordPress don’t understand PHP - and I also assume that most people who do understand it don’t read through all the code (me neither). But maybe it’s a good idea to do some research about a plugin before installing it on your server…
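As an added example (not part of the original post), here is a small shell audit of the three exposure points listed above: it checks whether wp-config.php is readable by other local accounts, whether .htaccess is world-writable, and whether php.ini turns on allow_url_fopen or allow_url_include. The function name and the paths are my own assumptions; it expects a Linux host with find and grep.

```shell
#!/bin/sh
# wp_plugin_risk_audit WP_DIR PHP_INI
# Prints one line per finding and returns the number of findings,
# so an exit status of 0 means nothing was flagged.
wp_plugin_risk_audit() {
  wp_dir=$1
  php_ini=$2
  findings=0

  # wp-config.php carries the database credentials every plugin can read;
  # it should at least not be readable by other accounts on the same host.
  if [ -f "$wp_dir/wp-config.php" ] && \
     [ -n "$(find "$wp_dir/wp-config.php" -perm -o=r)" ]; then
    echo "wp-config.php is world-readable (database credentials visible to other local users)"
    findings=$((findings + 1))
  fi

  # A writable .htaccess lets WordPress, and therefore every plugin,
  # rewrite the access rules for the whole site.
  if [ -f "$wp_dir/.htaccess" ] && \
     [ -n "$(find "$wp_dir/.htaccess" -perm -o=w)" ]; then
    echo ".htaccess is world-writable (any plugin can change who may access the site)"
    findings=$((findings + 1))
  fi

  # With these settings on, PHP's file functions (and, for allow_url_include,
  # include/require) accept remote URLs, so plugin code can pull in code from
  # anywhere on the web. PHP treats On/1/true/yes as enabled, case-insensitively.
  for setting in allow_url_fopen allow_url_include; do
    if [ -f "$php_ini" ] && \
       grep -Eiq "^[[:space:]]*$setting[[:space:]]*=[[:space:]]*(on|1|true|yes)" "$php_ini"; then
      echo "php.ini enables $setting (PHP file functions accept remote URLs)"
      findings=$((findings + 1))
    fi
  done

  return "$findings"
}

# Example call with placeholder paths:
#   wp_plugin_risk_audit /var/www/wordpress /etc/php.ini; echo "findings: $?"
```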