Plugins No Longer In Directory or Repository
One of the “fatal flaws” in the WordPress system is that the central plugin repository has no way to tell a site directly that a plugin it is running has been removed from the directory for potential bad behavior.
So blog owners never learn that a plugin they use has a security vulnerability (one that puts them at risk) while the plugin is temporarily unavailable, and they have no idea how urgent it is to update when the plugin comes back.
This is very much a “weak link” in the system.
Before we go any further, it would be VERY beneficial if you would go over to THIS thread and leave a message urging the WordPress development community to give this some of the attention it so badly needs. (Leave a comment to keep urging them forward!) They’ve been “working on this” a long time and no suitable solution has arrived.
In the meantime, we have…
WordPress “No Longer In Directory” Plugin
This simple plugin does a scan of your current plugins and compares it against current and former directory listings for the repository. It also checks for former removals that have returned.
This would have been useful a week ago when the SexyBookmarks plugin was removed from the directory for security reasons; it has since been patched and returned (it is urgent that you update).
Unfortunately, this plugin is a manual check (meaning you have to go to its settings page) and not the background monitoring service we really need.
This plugin works “hand in hand” with the Better Plugin Compatibility Control which lets you know when a plugin has gone un-maintained (but not removed) and may be a security risk or stability hazard on your current version of WordPress.
One of the nice things about this plugin is that it does not throw a bunch of false positives if you’re using non-GPL plugins that were never in the repository in the first place. Keep in mind that those plugins can just as easily develop security issues, and if you haven’t seen an update in the last six months or a year, you have reason to be nosy about them too!
Why Do Plugins Get Removed From The Repository?
Plugins can be removed for the following reasons:
they are found to break the GPL
they are found to break the directory rules
other plugins by the author are found to be a problem and all are removed pending investigation
the author asks for it to be closed
the author asks for it to be closed because they are re-releasing under a different name
it is being investigated after non-specific complaints
there is a security vulnerability
Fortunately, by using a combination of these free plugins, we can get a point-in-time picture of where the GPL plugins on our blog stand right now. (Which helps you patch before someone exploits the hole!)
How often should we do this? Here’s the problem… it needs to be checked frequently… the more frequently the better.
That is why it really needs to be part of the core WP system, doing the checking on its own and alerting us by email. This is super easy if you have one blog but a pain in the rump if you have 12!
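Here is the kind of check described above, written out as a script rather than a settings page so it can run from cron on every site you own. This is an added example, not the code of the “No Longer In Directory” plugin or of WordPress itself. The installed-plugin list and the directory snapshot are constructed inline so the script runs offline; in real use the list would come from `wp plugin list --format=json` and each directory entry from the WordPress.org plugin info API (assumed URL pattern https://api.wordpress.org/plugins/info/1.0/<slug>.json; the field names used here are illustrative). All plugin slugs other than akismet are hypothetical, and the version numbers are made up.

```python
"""Audit a site's installed WordPress plugins against a directory snapshot.

Added example, not the plugin's own code.  Sample data below is constructed
so that the script runs offline.
"""
import json
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass
class DirectoryEntry:
    listed: bool            # currently downloadable from wordpress.org
    latest: Optional[str]   # latest version in the directory, if listed


# Constructed sample of what `wp plugin list --format=json` prints.
INSTALLED_JSON = """[
  {"name": "akismet",           "status": "active",   "version": "4.1.0"},
  {"name": "example-bookmarks", "status": "active",   "version": "1.9.0"},
  {"name": "abandoned-widget",  "status": "inactive", "version": "0.3"},
  {"name": "premium-seo-suite", "status": "active",   "version": "2.0.1"}
]"""

# Constructed directory snapshot (hypothetical slugs and versions).
# A slug that is absent here was never in the directory at all.
DIRECTORY: Dict[str, DirectoryEntry] = {
    "akismet":           DirectoryEntry(listed=True,  latest="4.1.0"),
    "example-bookmarks": DirectoryEntry(listed=True,  latest="2.0.0"),  # back after a fix
    "abandoned-widget":  DirectoryEntry(listed=False, latest=None),     # closed
}

# Slugs the previous run saw as closed (persist this between runs).  A slug
# that is listed again is a "returned" plugin whose update is urgent.
PREVIOUSLY_CLOSED: Set[str] = {"example-bookmarks"}

URGENT = {"closed", "returned-update-now"}


def parse_installed(wp_cli_json: str) -> Dict[str, str]:
    """Map slug -> installed version from `wp plugin list --format=json` output."""
    return {p["name"]: p["version"] for p in json.loads(wp_cli_json)}


def version_key(version: str) -> tuple:
    """Compare dotted versions numerically ('1.10' > '1.9'); non-numeric parts count as 0."""
    return tuple(int(part) if part.isdigit() else 0 for part in version.split("."))


def classify(slug: str, installed: str, directory: Dict[str, DirectoryEntry],
             previously_closed: Set[str]) -> str:
    """Return one state per plugin.

    'not-in-directory' is deliberately separate from 'closed': a commercial or
    never-submitted plugin carries no removal signal, so flagging it as
    removed would be a false positive.  Check its vendor for updates instead.
    """
    entry = directory.get(slug)
    if entry is None:
        return "not-in-directory"
    if not entry.listed:
        return "closed"
    outdated = version_key(installed) < version_key(entry.latest)
    if slug in previously_closed:
        return "returned-update-now" if outdated else "returned"
    return "update-available" if outdated else "ok"


def audit(installed: Dict[str, str], directory: Dict[str, DirectoryEntry],
          previously_closed: Set[str]) -> Dict[str, str]:
    """Classify every installed plugin; plugins never in the directory are included."""
    return {slug: classify(slug, ver, directory, previously_closed)
            for slug, ver in installed.items()}


def urgent(results: Dict[str, str]) -> List[str]:
    """Slugs that need action today: removed plugins and returned-but-unpatched ones."""
    return sorted(slug for slug, state in results.items() if state in URGENT)


def report(results: Dict[str, str]) -> str:
    """Plain-text summary for a cron job to mail out, urgent items first."""
    ordered = sorted(results.items(), key=lambda kv: (kv[1] not in URGENT, kv[0]))
    return "\n".join(f"{slug}: {state}" for slug, state in ordered)


if __name__ == "__main__":
    results = audit(parse_installed(INSTALLED_JSON), DIRECTORY, PREVIOUSLY_CLOSED)
    print(report(results))
```

Run it from cron on each site and pipe the report into `mail`; the only state it needs between runs is the set of slugs last seen as closed, which is what turns a quiet “back in the directory” event into the “update now” alert the post is asking for.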
What tools do you use to keep your blog safe?
I’ll be talking more about security in upcoming blog posts and courses so let me know if there is something you’d like me to cover!
~ Kim ~
Simple Tech Tips For Marketing
PS: Be sure you subscribe by email to my list and follow me on social media so you get security news as soon as possible to help you build your business while staying safe!