As part of our push to improve the security of WordPress plugins, next month our Plugin Security Scorecard tool is going to start lowering the grade for plugins if the developer isn’t linking to the results of a security review of the plugin. To make sure that we practice what we preach, we are doing security review of our plugins and linking to those results in the way we are suggesting other developers do so. We can’t hire someone else to them, as we are not aware of anyone else that actually does reviews and has released any results to check on accuracy of their results. By comparison, we have been doing that for years.

For our third review, we checked over our Plugin Vulnerabilities plugin. [Read more]