<b>Plugin Vetting SOP</b>
Every plugin is code you didn't write running as your site. Vet before install.
— Step 1: Check last-updated date. Older than 12 months or untested with current core: reject.
— Step 2: Read the changelog for security fixes; a plugin that never patches has never been audited.
— Step 3: Search the slug against known CVE databases before activating.
— Step 4: Install on staging first; diff the filesystem to see what it writes outside its own folder.
— Step 5: Verify it deactivates cleanly — leftover cron jobs and DB tables are a tell.
— Step 6: Record every plugin, version, and source in your inventory sheet.
Do this before every single plugin install.
Run this every time.
Lockdown Ledger
@LockdownLedger
<b>Plugin Vetting SOP</b>
Этот пост опубликован в Telegram-канале Lockdown Ledger. Подписаться можно по ссылке: @LockdownLedger.