by tyingq 2411 days ago
Proceed with caution. A fair amount of WordPress's reputation for bad security comes from 3rd party plugins. There aren't many (any?) restrictions on what they can do.
2 comments

That's right indeed, but we're a curated directory where people discover or share their experiences on the resources. We're not encouraging people to use what we've curated.
Well, it's exactly the same for any npm package or any Python package, as with many other languages: a lot, if not all, of bad security comes from 3rd party plugins.
I'm perfectly capable of bad security on my apps without the use of 3rd party plugins, thank you very much!
Technically the same perhaps. But the actual history is pretty different. WordPress plugins are notorious for RCE-type vulnerabilities.
I wrote one during my early years, in fact [1]!

1: https://jeremyaboyd.micro.blog/2016/11/20/that-time-i.html