Abandoned WordPress Plugin Maintenance Service

Does your website depend on a WordPress plugin that is no longer being supported by the original developer? With our service we can maintain the plugin for you, so you can safely use the plugin going forward.

When first starting up the maintenance we will:

  • Fix any compatibility issues with the currently supported versions of PHP
  • Replace any use of deprecated WordPress functions
  • Put the plugin through a security review, which includes checks for the following issues:
    • Insecure file upload handling (this is the cause of the most exploited type of vulnerability, arbitrary file upload)
    • Deserialization of untrusted data
    • Security issues with functions accessible through WordPress’ AJAX functionality (those have been and continue to be a common source of disclosed vulnerabilities)
    • Security issues with functions accessible through WordPress’ REST API (those have started to be a source of disclosed vulnerabilities)
    • Persistent cross-site scripting (XSS) vulnerabilities in the frontend portions of the plugin and in the admin portions accessible to users with the Author role or below
    • Cross-site request forgery (CSRF) vulnerabilities in the admin portion of the plugin
    • SQL injection vulnerabilities (in the code that handles requests to the database)
    • Reflected cross-site scripting (XSS) vulnerabilities
    • Security issues with functions accessible through any of the plugin’s shortcodes
    • Security issues with functions accessible through any of the plugin’s blocks
    • Security issues with functions accessible through the admin_action action
    • Security issues with functions accessible through the admin_init action
    • Security issues with functions accessible through the admin_post action
    • Security issues with import/export functionality
    • Security issues with usage of the is_admin() function
    • Security issues with usage of the add_option(), delete_option(), and update_option() functions
    • Security issues with usage of the update_user_meta() and wp_update_user() functions
    • Security issues with usage of the determine_current_user filter
    • Security issues with usage of the wp_set_current_user(), wp_set_auth_cookie() and wc_set_customer_auth_cookie() functions
    • Security issues with usage of the reset_password() and wp_set_password() functions
    • Security issues with usage of the extract() function
    • Lack of IP address validation
    • Proper usage of sanitize_callback when using register_setting() to register settings
    • CSV injection
    • Host header injection vulnerabilities
    • Lack of protection against unintended direct access of PHP files
    • Insecure and unwarranted requests to third-party websites
    • Any additional possible issues identified by our Plugin Security Checker

Going forward, we will test the plugin to make sure it is compatible with each new version of PHP and WordPress ahead of its release, and we will fix any bugs or security issues that are identified in the plugin.

We have developed multiple WordPress plugins of our own and we run the Plugin Vulnerabilities service, which involves us interacting with other developers' plugin code on a daily basis.

Price:

$500 USD for the first year and $300 USD a year after that.

We accept payment by credit card, debit card, or eCheck through PayPal in a number of currencies.