Lockdown Ledger
Lockdown Ledger
@LockdownLedger

<b>Plugin Vetting SOP</b>

<b>Plugin Vetting SOP</b>
Every plugin is code you didn't write running as your site. Vet before install.

— Step 1: Check last-updated date. Older than 12 months or untested with current core: reject.
— Step 2: Read the changelog for security fixes; a plugin that never patches has never been audited.
— Step 3: Search the slug against known CVE databases before activating.
— Step 4: Install on staging first; diff the filesystem to see what it writes outside its own folder.
— Step 5: Verify it deactivates cleanly — leftover cron jobs and DB tables are a tell.
— Step 6: Record every plugin, version, and source in your inventory sheet.

Do this before every single plugin install.
Run this every time.
Этот пост опубликован в Telegram-канале Lockdown Ledger. Подписаться можно по ссылке: @LockdownLedger.
tech

Свежие посты в категории «Tech Infrastructure»

Все каналы категории →

start

Готовы запустить рекламу через сеть public.tg?

Новый оффер, продукт, GEO, кейс, событие или партнёрский запуск — соберём маршрут под задачу и отдадим медиаплан.

Telegram для медиаплана: @dumay. Быстрый тест: $20 за канал, $1000 за пакет по сети.