by lucaspiller
3862 days ago
I meant more that code can be pushed to the repository without it being reviewed first, not that nobody is looking at it. If someone does push something bad are there systems in place to blacklist a plugin and remotely remove it from an install (and possibly contact the install owners)?
We have automated scanning systems for suspicious code commits. If they occur, a few others and I get an email for manual review of the problem. Additionally, many others get every commit and set up their own scanning tools to see what's happening, as it happens.
When something-bad™ happens, then we can close a plugin (block it from being downloaded or found in searches), revert changes or otherwise manually adjust any aspect of the plugin, and if necessary, push updates for it to any WordPress installs that have it.
Realistically, bad actors are not generally a problem for the plugins system. I can count on one hand the number of times this has occurred to the point where we'd need to actually push code. The real problem we're fighting is accidental security issues. While WordPress core is quite secure, plugins have much less eyes on the problem, and a lot of plugin developers are relatively new coders. Things like simple SQL injections still pop up from time to time in plugins, and that's a big problem.
So, the security issues with the plugins repository are not really about some malicious person out there. Malicious people tend to be dumb spammers. They're easy to spot and protect against, because they're only after the low hanging fruit. What we mostly try to find are the things that good coding practices would protect against, because not everybody uses good coding practices. Those tend to be harder to scan for on an automatic basis.
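The reply above describes commit-time scanning for the "simple SQL injections" that keep turning up in plugins, and why the accidental ones are harder to catch automatically than a spammer's payload. The following is an added example, not code from this thread or from the WordPress.org plugin repository's own tooling: a small heuristic scanner that flags `$wpdb` calls whose SQL is built by string interpolation rather than `$wpdb->prepare()`, follows one or two assignment hops back to see whether request data (`$_GET`, `$_POST`, ...) reaches the query, and reports what it cannot resolve. The PHP it is run over is constructed for the example (function names such as `bad_delete` and `sneaky_count` are invented; `global $wpdb;` is omitted) and is not taken from any real plugin.

```python
"""Heuristic scan for unparameterised $wpdb queries in WordPress plugin PHP.
Added example, not the plugin repository's own scanner. It shows the kind of
commit-time check the reply describes and where such a check runs out of road."""
import re
from dataclasses import dataclass

# $wpdb methods whose first argument is executed as SQL.
WPDB_CALL = re.compile(r"\$wpdb->(query|get_results|get_var|get_row|get_col)\s*\(")
SUPERGLOBAL = re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b")                  # request-controlled input
INTERPOLATION = re.compile(r'"[^"]*\$[A-Za-z_{][^"]*"|\.\s*\$[A-Za-z_]\w*')  # "...$var..." or . $var
WPDB_REF = re.compile(r"\{?\$wpdb->\w+\}?")  # {$wpdb->prefix}: table naming, not user data


@dataclass
class Finding:
    line: int
    call: str
    severity: str  # high = request data reaches SQL; medium = unresolved variables; review = opaque
    reason: str


def _balanced_arg(src: str, open_paren: int) -> str:
    """Text inside the parentheses opening at src[open_paren] (ignores parens in strings)."""
    depth = 0
    for i in range(open_paren, len(src)):
        depth += {"(": 1, ")": -1}.get(src[i], 0)
        if depth == 0:
            return src[open_paren + 1:i]
    return src[open_paren + 1:]


def _last_assignment(before: str, name: str):
    """RHS of the most recent `$name = ...;` before the call site (file-wide, not scope-aware)."""
    hits = re.findall(r"\$" + re.escape(name) + r"\b\s*=\s*(.+?);", before, re.S)
    return hits[-1].strip() if hits else None


def _taint_sources(before: str, expr: str, depth: int = 2) -> set:
    """Superglobals reaching expr within `depth` assignment hops: a deliberately shallow taint walk."""
    found = set(SUPERGLOBAL.findall(expr))
    if depth:
        for name in set(re.findall(r"\$([A-Za-z_]\w*)", expr)) - {"wpdb"}:
            rhs = _last_assignment(before, name)
            if rhs is not None:
                found |= _taint_sources(before, rhs, depth - 1)
    return found


def scan_php(src: str) -> list:
    """Return one Finding per $wpdb call whose SQL is not built with $wpdb->prepare()."""
    findings = []
    for m in WPDB_CALL.finditer(src):
        before, call = src[:m.start()], f"$wpdb->{m.group(1)}"
        line = before.count("\n") + 1
        expr = _balanced_arg(src, m.end() - 1).strip()
        bare = re.fullmatch(r"\$(\w+)", expr)
        if bare:  # $wpdb->query($sql): look at what $sql was last assigned
            expr = _last_assignment(before, bare.group(1))
            if expr is None:
                findings.append(Finding(line, call, "review", f"{bare.group(0)} is never assigned in this file"))
                continue
        if expr.startswith("$wpdb->prepare("):
            continue  # parameterised: placeholders plus arguments, the form we want to see
        if not INTERPOLATION.search(WPDB_REF.sub("", expr)):
            continue  # literal SQL, at most table-prefix interpolation
        taint = _taint_sources(before, expr)
        if taint:
            findings.append(Finding(line, call, "high",
                                    "request data reaches SQL via " + ", ".join(f"$_{t}" for t in sorted(taint))))
        else:
            findings.append(Finding(line, call, "medium",
                                    "SQL built from variables this pass cannot resolve (parameter, other file, runtime)"))
    return findings


# Constructed sample plugin source for this example (not from any real plugin; `global $wpdb;` omitted).
SAMPLE_PLUGIN = r"""<?php
// constructed sample, not from a real plugin
function bad_delete() {
    $wpdb->query("DELETE FROM {$wpdb->prefix}votes WHERE id = $_GET[id]");
}
function ok_delete() {
    $wpdb->query($wpdb->prepare("DELETE FROM {$wpdb->prefix}votes WHERE id = %d", $_GET['id']));
}
function sneaky_count() {
    $name = $_POST['name'];
    $sql  = "SELECT COUNT(*) FROM {$wpdb->prefix}votes WHERE name = '" . $name . "'";
    return $wpdb->get_var($sql);
}
function prefixed_count() {
    return $wpdb->get_var("SELECT COUNT(*) FROM {$wpdb->prefix}votes");
}
function param_count($id) {
    return $wpdb->get_var("SELECT COUNT(*) FROM {$wpdb->prefix}votes WHERE id = $id");
}
function opaque_count() {
    return $wpdb->get_var($query);
}
"""

if __name__ == "__main__":
    for f in scan_php(SAMPLE_PLUGIN):
        print(f"line {f.line}: {f.call} [{f.severity}] {f.reason}")
```

On the sample, the scanner flags `bad_delete` and `sneaky_count` as high (request data reaches the query, in the second case only via an intermediate variable), `param_count` as medium (the interpolated `$id` is a parameter whose callers it never sees) and `opaque_count` for manual review, while `ok_delete` and `prefixed_count` pass. The medium and review buckets are exactly the "harder to scan for on an automatic basis" cases the reply refers to: the check knows the SQL is assembled from variables but cannot say, from one file and a regex-level taint walk, whether an attacker controls them.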