7 May 2025

WordPress Plugin With 2+ Million Installs Gets Fix For Inability to Be Deleted After Our Service Caught the Problem

Three weeks ago we added a new feature to our service: automated testing of updates to the WordPress plugins used by our customers. We did that because keeping WordPress plugins up to date is critical for security, but updating also introduces the possibility that the new version breaks things on the website. You would reasonably think that by 2025 there would be at least some basic automated testing done before updates to plugins in the WordPress Plugin Directory get pushed out, but that isn’t the case.

Our automated testing is still very much a work in progress. It turns out that implementing this type of testing has various pitfalls that rule out the easiest implementation. But even in that state, we have already caught an issue introduced in an update to one of the most popular plugins: MonsterInsights from Awesome Motive, which has 2+ million installs. Version 9.5.1 of the plugin, which was released on Monday, sounds like a small update, with the only changelog entries being “New: Support for Pinterest PPC conversion tracking” and “Fixed: Minor updates and bug fixes.” One of the minor updates caused the plugin’s uninstall function to error out when it called a class that was no longer defined.

We were alerted to the error, determined what was causing it, and reached out to the developer to let them know what had happened. Less than 24 hours later, a fix had been released.

Obviously, a failure to delete the plugin isn’t a critical issue in the way that the plugin causing an error when running would be, but it is the type of issue that should already be getting caught by preexisting testing.
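A pre-release check for the failure described above, as an added example that is not code from the plugin or from the testing service described here: it lists classes that an uninstall routine uses but that no plugin file defines and no `class_exists()` guard covers. The plugin, its file names and the `Example_*` classes are constructed, and the regex matching is a heuristic rather than a PHP parser.

```python
import re

# Constructed sample plugin (hypothetical names): the uninstall routine still
# calls Example_Settings, whose defining file was removed in the update.
SAMPLE_PLUGIN = {
    "example-plugin.php": """<?php
register_uninstall_hook( __FILE__, 'example_plugin_uninstall' );
class Example_Plugin { public static function boot() {} }
function example_plugin_uninstall() {
    Example_Settings::delete_all();
    $cleaner = new Example_Cleaner();
    if ( class_exists( 'Example_Cache' ) ) { Example_Cache::flush(); }
    delete_option( 'example_plugin_key' );
}
""",
    "includes/cleaner.php": "<?php\nfinal class Example_Cleaner { function run() {} }\n",
}

CLASS_DEF = re.compile(r"^\s*(?:abstract\s+|final\s+)*class\s+([A-Za-z_]\w*)", re.M)
CLASS_USE = re.compile(r"\bnew\s+([A-Za-z_]\w*)|\b([A-Za-z_]\w*)\s*::")
GUARD = re.compile(r"class_exists\(\s*['\"]\\?([A-Za-z_]\w*)['\"]")
NOT_CLASSES = {"self", "static", "parent"}


def function_body(source, name):
    """Return the brace-balanced body of PHP function `name`, or '' if absent."""
    match = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", source)
    if not match:
        return ""
    depth, start = 1, match.end()
    for pos in range(start, len(source)):
        depth += {"{": 1, "}": -1}.get(source[pos], 0)
        if depth == 0:
            return source[start:pos]
    return source[start:]


def undefined_in_uninstall(files, entry_file, uninstall_function):
    """Classes the uninstall routine uses without a definition or class_exists() guard."""
    defined = {name for src in files.values() for name in CLASS_DEF.findall(src)}
    body = function_body(files[entry_file], uninstall_function)
    used = {a or b for a, b in CLASS_USE.findall(body)} - NOT_CLASSES
    guarded = set(GUARD.findall(body))
    return sorted(used - defined - guarded)


if __name__ == "__main__":
    print(undefined_in_uninstall(SAMPLE_PLUGIN, "example-plugin.php", "example_plugin_uninstall"))
```

Classes provided by WordPress core are not in the plugin's files, so a real run would need an allowlist for them, and a class that is defined but never loaded during uninstall would still pass this check.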

We are now also looking to expand automated testing to spotlight plugins that fail to follow WordPress standards surrounding deletion, a common problem that poses a potential security risk if sensitive data that was supposed to have been deleted wasn’t. That is something we already do a more intensive manual check for when doing security reviews of plugins.
