How to protect a WordPress site from malicious plugins?

Hello,

Maybe you can try https://www.ads-software.com/plugins/health-check/ it helps to identify if there is anything critical or if any plugin or theme is creating an issue.

Give it a try and see if that helps.

Thank you!

Hey there, thanks for the quick reply.
The plugin you suggested looks good for general protection, but it won’t protect plugins from leaking data out.
I guess what I’m looking is to have all plugins behind a “firewall” for both incoming and outgoing connections. This way I can whitelist certain plugins, allow connections to certain servers, ports, etc.

There’s nothing like that available at this point.

The best thing that you can do is only install plugins from trusted sources that have been reviewed and tested (like this site of course).

The simple way to do it is… if you can’t/don’t trust the plugin or the develpers behind it, don’t install it. There will always be something else that will work for you.

@catacaustic thanks, I was afraid of that.

Definitely I only install plugins that have many good reviews and come from the WP plugin site, but it’s too much trust to give full access to a site to 3rd party devs.

I guess for now I’ll try to set up docker to restrict internet access.