WordPress Proposal To Improve Security & Performance of Plugins
WordPress proposes to improve the security and performance of third-party plugins.
WordPress has proposed taking a more proactive approach to third-party plugins in order to improve site performance and security.
The proposal discusses a plugin checker that would verify that plugins follow best practices.
Third-party plugins can introduce security issues and slow down website performance. The proposal outlines three approaches to building a plugin checker and invites feedback.
The WordPress proposal outlined the problem:
Although plugins have fewer infrastructure requirements than themes, they still need to be verified. In any case, plugins should be checked against security and performance best practices, just like themes.
There is currently no plugin checker.
WordPress Vulnerabilities and Poor Performance
WordPress has a reputation for being slow and vulnerable to hackers.
It may surprise you to learn that WordPress itself is a highly secure platform.
Third-party plugins are responsible for most of the vulnerabilities in WordPress.
WordPress itself is relatively safe, but third-party plugins have made it synonymous with hacked sites.
The performance of WordPress sites is also a problem. The WordPress Performance Team works actively to improve the performance of WordPress core.
Third-party plugins can slow down a website by loading JavaScript or CSS on pages where those assets aren't needed.
Plugin Checker
WordPress already has a theme checker that lets theme developers and designers verify their work against security and best-practice requirements. The theme checker is also available on the official WordPress theme repository.
WordPress is now exploring whether the same can be done for plugins.
The purpose of the plugin checker is described as follows:
“A WordPress plugin checker tool should analyze a WordPress plugin and flag any violations of best practices in plugin development with errors or warnings with a particular focus on security or performance.”
The proposal lists three approaches to the plugin checker:
A. Static analysis. This is how themes are checked today, but it has limitations, such as not being able to run the plugin's code.
B. Server-side analysis. This runs the plugin code in addition to static analysis.
C. Headless browser analysis. This loads the plugin in a headless browser (essentially a bot emulating a browser), so the plugin can be tested for issues that a server-side solution cannot detect. The proposal lists some of the challenges of this approach but also offers solutions.
The proposal includes a table with columns for approaches A, B, and C and rows rating each approach on the security and performance issues it can detect.
The evaluation concluded that server-side analysis might be the best approach.
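To make approach A concrete, here is an added example (not part of the proposal or of any WordPress tooling): a small hypothetical static checker that scans constructed PHP plugin source and reports a security error and a performance warning, in the spirit of the quoted purpose statement. The regexes, the check rules and the sample plugin are all assumptions made for illustration, and the example also shows why static analysis has limits, since it never executes the code it inspects.

```python
import re
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str  # "error" (security) or "warning" (performance), as in the proposal
    line: int
    message: str


# Regexes are a deliberate simplification for this illustration: a real checker
# would tokenize PHP (for example with PHPCS sniffs) instead of matching text,
# and, being static, it still could not follow a dynamically built function name.
UNESCAPED_OUTPUT = re.compile(r"\becho\s+\$_(GET|POST|REQUEST|COOKIE)\b")
ENQUEUE = re.compile(r"\bwp_enqueue_(script|style)\s*\(")
CONDITIONAL = re.compile(r"\bis_(page|single|singular|front_page|admin)\s*\(")


def check_plugin_source(php: str) -> list[Finding]:
    """Scan PHP plugin source and return findings in line order."""
    findings: list[Finding] = []
    lines = php.splitlines()
    for num, line in enumerate(lines, start=1):
        if UNESCAPED_OUTPUT.search(line):
            findings.append(Finding("error", num,
                "request data echoed without escaping (reflected XSS risk)"))
        if ENQUEUE.search(line):
            # An enqueue with no template conditional in the preceding lines loads
            # the asset on every page, which is the slowdown the article describes.
            window = "\n".join(lines[max(0, num - 4):num - 1])
            if not CONDITIONAL.search(window):
                findings.append(Finding("warning", num,
                    "asset enqueued unconditionally; guard it with a template conditional"))
    return findings


# Constructed sample plugin (not a real plugin): one unconditional enqueue,
# one conditional enqueue, and one unescaped echo of request data.
SAMPLE_PLUGIN = """<?php
/* Plugin Name: Constructed Sample Plugin */
add_action('wp_enqueue_scripts', function () {
    wp_enqueue_script('sample-all', plugins_url('all.js', __FILE__));
    if (is_page('contact')) {
        wp_enqueue_script('sample-contact', plugins_url('contact.js', __FILE__));
    }
});
add_action('wp_footer', function () {
    echo $_GET['ref'];
});
"""

if __name__ == "__main__":
    for f in check_plugin_source(SAMPLE_PLUGIN):
        print(f"{f.severity.upper()} line {f.line}: {f.message}")
```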
Best Practices in Plugins
The WordPress Performance Team has not yet committed to building a plugin checker; this is only a proposal and a starting point.
Still, checking third-party plugins against security and performance best practices is a good idea that would benefit both WordPress users and site visitors.