How to check plugins for malicious code?

Our new hosting company ran a security check on our installation and I was very surprised to hear that a premium plugin we had purchased (Easy Media Gallery Pro) contained malicious code.

(It may just be coincidental, but our site was hacked around the time we upgraded to the Pro version of that plugin.)

Anyway, I would like to know if there are any reliable utilities out there that can perform a reliable, independent security check on a plugin before I install it on my site?

2 Answers
2

There are several options/plugins to do that, but nothing can provide you with 100% security. Following good practices, daily/weekly backups and using themes/plugins that follow good code practices will usually help you to stay out of trouble. But again, nothing will give you 100% security. As for plugins, you can try several that will give you a little peace of mind:

  • Wordfence Security
  • iThemes Security (formerly Better WP Security)
  • All In One WP Security & Firewall

I’ve worked mainly with Wordfence Security since most of the plugins I use come from the official WP repository and it has some neat settings that allow you to compare your theme’s/plugins’ code against changes directly with the theme’s/plugins’ repo and scan the code for potential issues.

But again this is not a 100% solution.
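
The comparison this answer describes (installed plugin code checked against a clean copy from its source, then scanned for potential issues), as an added example that is not part of the original answer and is not Wordfence's code. It assumes a fresh copy of the same plugin version has been unpacked into a second directory; the function names and the pattern list are illustrative.

```python
import hashlib
import os
import re
import sys
from pathlib import Path

# Heuristic only: calls that often appear in obfuscated PHP. Legitimate plugins
# use some of these too, so a hit means "read this file", not "this is malware".
SUSPICIOUS = re.compile(rb"\b(eval|assert|base64_decode|gzinflate|str_rot13|create_function)\s*\(")
PHP_SUFFIXES = {".php", ".phtml", ".inc"}

def hash_tree(root):
    """Map each path relative to root to its SHA-256 digest (or symlink target)."""
    root = Path(root)
    digests = {}
    for path in root.rglob("*"):
        rel = path.relative_to(root).as_posix()
        if path.is_symlink():
            # A symlink is recorded by target, never followed or hashed.
            digests[rel] = "symlink:" + os.readlink(path)
        elif path.is_file():
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests

def compare_plugin(installed_dir, reference_dir):
    """Diff an installed plugin against a pristine copy of the same version."""
    installed, reference = hash_tree(installed_dir), hash_tree(reference_dir)
    common = installed.keys() & reference.keys()
    report = {
        "modified": sorted(p for p in common if installed[p] != reference[p]),
        "added": sorted(installed.keys() - reference.keys()),
        "removed": sorted(reference.keys() - installed.keys()),
    }
    # Only files that differ from the reference are pattern-scanned.
    flagged = []
    for rel in report["modified"] + report["added"]:
        path = Path(installed_dir) / rel
        if path.suffix.lower() in PHP_SUFFIXES and path.is_file() and not path.is_symlink():
            if SUSPICIOUS.search(path.read_bytes()):
                flagged.append(rel)
    report["flagged"] = sorted(flagged)
    return report

if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage: python compare_plugin.py <installed_plugin_dir> <clean_reference_dir>
    for kind, paths in compare_plugin(sys.argv[1], sys.argv[2]).items():
        for rel in paths:
            print(f"{kind}\t{rel}")
```

An empty report only shows that the installed files match the reference copy; it says nothing about whether the reference copy itself is trustworthy.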
