Tracking plugin traffic if malware

  • baldeaglemall

    (@baldeaglemall)


    4 years ago

    I recently purchased a rising plugin with only 100 downloads but great functionality and a couple of 5 stars.

    However, I am concerned “what if plugin grabs data from my server and does malicious things”.

    So,

    (1) is there a way to just block any traffic from plugin other than for within the site activities and install?

    i.e. put a wall around the plugin along with other plugins from my site as they don’t need to communicate with external servers if they are not grabbing or sending external data.

    I do have wordfence and malcare installed.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator bcworkz

    (@bcworkz)

    If you don’t trust the source of the plugin, don’t use it. When activated, it becomes part of WP and the plugin has the same level of access as WP itself. In theory you can screen for specific traffic, but it’s hard to know what sort of traffic might be malicious until it’s too late. See “zero day exploit”.

    Thread Starter baldeaglemall

    (@baldeaglemall)

    So, does malware scanner like MalCare and WordFence firewall are kind of namesake?

    Moderator bcworkz

    (@bcworkz)

    They have their place and can be useful, but don’t be deluded into thinking they provide full protection from all possible attacks. A malicious plugin is not unlike an insider attack. Someone that has access keys can be difficult to detect and stop. We don’t employ someone and give them keys if they cannot be trusted.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Tracking plugin traffic if malware’ is closed to new replies.