How to check if a WordPress plugin is secure to use
When you are building a media business or a brand, it's important to use secure and reliable products. We understand that concern, as the situation in the cyber world is far from calm and safe. As systems grow and become more complicated, it gets easier to find holes in their security.
When you are building something on WordPress, you are likely to add plugins (like Setka Editor). While we think a lot about the security of our products (more on that in a minute), some plugins are not so secure. Here are a few tips to protect your company from potential attacks and breaches when using plugins.
5 best practices to ensure your WordPress plugin security
Escape values that come from user input and other untrusted sources before you output them.
Use WordPress nonces on settings pages and in HTML forms.
Use WordPress capabilities to manage admin permissions.
Use popular open source libraries that many people already use and review (Symfony, WordPress CLI, PHPUnit and other framework components).
Follow the official WordPress and community guidelines.
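As an added illustration (not Setka Editor's code), the following settings-page fragment applies the first three practices: a capability check, a nonce on the form, and sanitization on input with escaping on output. The option name, nonce action, field name, text domain and page slug are placeholders.

```php
<?php
// Added example, not Setka Editor's code. Names such as demo_api_url,
// demo_save_settings and demo-settings are hypothetical placeholders.

add_action('admin_menu', function () {
    // Capability: only users who may manage options get the menu entry.
    add_options_page('Demo Settings', 'Demo Settings', 'manage_options',
        'demo-settings', 'demo_render_settings_page');
});

function demo_render_settings_page() {
    if (!current_user_can('manage_options')) {
        wp_die(esc_html__('You are not allowed to access this page.', 'demo'));
    }
    $api_url = get_option('demo_api_url', '');
    ?>
    <form method="post" action="<?php echo esc_url(admin_url('admin-post.php')); ?>">
        <input type="hidden" name="action" value="demo_save_settings">
        <?php wp_nonce_field('demo_save_settings', 'demo_nonce'); ?>
        <label>API URL
            <!-- Escape on output: the stored value may contain quotes or markup. -->
            <input type="url" name="demo_api_url" value="<?php echo esc_attr($api_url); ?>">
        </label>
        <?php submit_button(); ?>
    </form>
    <?php
}

// admin-post.php routes the POST here; the handler re-checks everything itself.
add_action('admin_post_demo_save_settings', function () {
    // Capability again: the form action is reachable by any logged-in user.
    if (!current_user_can('manage_options')) {
        wp_die(esc_html__('Insufficient permissions.', 'demo'), '', ['response' => 403]);
    }
    // Nonce: rejects requests that did not originate from our own form (CSRF).
    check_admin_referer('demo_save_settings', 'demo_nonce');

    // Sanitize on input: never trust $_POST; WordPress adds slashes, so unslash first.
    $raw = isset($_POST['demo_api_url']) ? wp_unslash($_POST['demo_api_url']) : '';
    $url = esc_url_raw(trim((string) $raw));
    if ($url === '' || strpos($url, 'https://') !== 0) {
        wp_die(esc_html__('The API URL must be an https:// address.', 'demo'), '', ['response' => 400]);
    }
    update_option('demo_api_url', $url);

    wp_safe_redirect(add_query_arg('settings-updated', '1',
        admin_url('options-general.php?page=demo-settings')));
    exit;
});
```

The same value is sanitized when it is stored and escaped again when it is rendered; doing only one of the two leaves either the database or the page exposed.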
We think a lot about plugin security, too. Here’s a little bit about our approach to keeping your site safe.
Once registration is complete, the system generates a license key that identifies the client's WordPress instance in all later communication. The key is generated with enough entropy that an unauthorized user cannot guess a valid one. All requests are sent over HTTPS.
We use Stripe, the world’s leading platform for accepting payments and storing card information, so customer payment data can’t be accessed by our team or possible attackers at all.
All requests are handled through standard WordPress endpoints. We process only the requests addressed to our plugin and leave all others untouched.
Every parameter is sanitized and carefully checked to prevent SQL injection and other potentially dangerous situations. To keep the plugin safe, old PHP and WordPress versions with well-known security holes are not supported.
To learn more about downloading the Setka Editor plugin, read our guide. If you are curious about plugin integration to a custom CMS, click here. If you encounter any problems during the setup process, please reach out to us via our support channels.