A new WordPress threat to keep you up at night

Was just reading a Wordfence blog about how someone is buying up old plugins and adding code that can hijack a site that still uses the plugin. Scary to think that this could spread to more popular plugins… if the author is desperate for cash they might just sell out to these cyber thieves. WordPress really needs to step in to address this and stop it from happening to any more plugins.

Re: A new WordPress threat to keep you up at night

And that must be impossible to spot for the people who are using the plugins!

Re: A new WordPress threat to keep you up at night

Yes, luckily Wordfence seems to be on top of this and is sending out alerts when they find out about a plugin that might be corrupted. But I wish WordPress would do more, like maybe prohibiting the sale of any plugin, or keeping a close eye on any plugins that are transferred to new owners.

Re: A new WordPress threat to keep you up at night

WordPress could be doing far more than they are about this.
Wordfence already has the capability to compare files for alterations, and all WordPress would need to do is implement human monitoring for when plugins are updated. Comparing the files is all it would take to discover malicious coding.

But, just like all other tech companies, they’ll avoid making any decisions on safety until it’s too late. In the end, they’ll avoid taking any responsibility for this until something dramatically dangerous happens and risks their business, then they’ll be scrambling to shut the stable door after the horse has bolted.

Facebook did the same, Twitter is doing the same, Amazon, Google, Disqus… they’re all avoiding taking any action on vitally important issues when these issues have a very high chance of destroying their platforms.
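An added example, not part of the thread and not Wordfence's or WordPress's own code: one way to do the file comparison discussed above, by hashing every file in two releases of a plugin and listing what was added, removed or modified. The plugin name `example-plugin`, its file names and contents are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def manifest(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def diff_releases(old_root, new_root):
    """Return files added, removed and modified between two plugin releases."""
    old, new = manifest(old_root), manifest(new_root)
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "modified": sorted(f for f in old.keys() & new.keys() if old[f] != new[f]),
    }


def write_tree(root, files):
    """Create a directory tree from a {relative path: text} mapping."""
    for rel, text in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text, encoding="utf-8")


def demo():
    """Diff two constructed releases of a hypothetical plugin 'example-plugin'."""
    v1 = {"example-plugin.php": "<?php // Version: 1.0\n",
          "inc/helpers.php": "<?php function ep_help() {}\n",
          "readme.txt": "Stable tag: 1.0\n"}
    v2 = dict(v1, **{"example-plugin.php": "<?php // Version: 1.1\n",
                     "inc/stats.php": "<?php // file not present in 1.0\n",
                     "readme.txt": "Stable tag: 1.1\n"})
    with tempfile.TemporaryDirectory() as tmp:
        write_tree(Path(tmp) / "1.0", v1)
        write_tree(Path(tmp) / "1.1", v2)
        return diff_releases(Path(tmp) / "1.0", Path(tmp) / "1.1")


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The output is only the list of files a reviewer needs to read after an update or ownership transfer; deciding whether a change is malicious still takes someone looking at the changed code.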