You’re probably not used to discretion, but when it comes to plugin security issues, sometimes you need a bit of secrecy. You therefore need a way for security researchers to contact you, and believe me, if your plugin becomes popular, they will contact you. You have a couple of options when it comes to receiving security reports. The easiest option is to set up an email address such as “security” on the domain you use, or a contact form. Keep in mind that you will receive many reports that you will have to verify, and not all of them will be useful.

A better way is to use the Patchstack vulnerability disclosure program, which has a free version. They take care of validating the problem and only contact you when you really have to fix something, with a very detailed report. They also take it upon themselves to act as the security researcher, making you follow ethical disclosure policies (CVE). Another tool that can be used to investigate some vulnerabilities on your WordPress site, at a more general level, is WPScan; this does not work for new plugins, as it is based on problems that have already been reported. And, almost the most important thing, always keep an eye on other people in the WordPress world; a good website for this is wptavern.


How people can report problems

You should make it clear to users how they can report security issues with your plugin: on the plugin’s website; on the plugin’s GitHub page, preferably via a dedicated file; and in the plugin’s readme.txt file, and thus on the plugin’s page in the directory. Make sure you check these channels and that everything is working correctly, as you don’t want to miss any of these reports.

Fostering security reports

If you earn revenue from your WordPress plugin(s), directly or indirectly, I would strongly suggest setting up a bug bounty program. Examples: the WordPress core bug bounty program on HackerOne, or Yoast’s and Elementor’s on Bugcrowd.
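Checking that the readme.txt actually advertises a working reporting channel can be scripted. The following Python check is an added example, not code from the original article; the sample readme.txt is constructed, and the section titles and contact patterns it looks for are assumptions about how plugin authors usually word such a section.

```python
import re

# Constructed sample readme.txt in the WordPress plugin readme format (not a real plugin).
SAMPLE_README = """=== Example Plugin ===
Contributors: example
Stable tag: 1.0.0

== Description ==
Does things.

== Security ==
Please report vulnerabilities privately to security@example.com or via
https://example.com/security-contact. Do not open public issues.
"""

# "== Title ==" section headers; the "=== Plugin Name ===" banner is excluded by [^=].
SECTION_RE = re.compile(r"^==\s*([^=].*?)\s*==\s*$", re.MULTILINE)
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
URL_RE = re.compile(r"https://[^\s<>\"']+")


def readme_sections(text):
    """Split a readme.txt into {lower-cased section title: body}."""
    sections = {}
    matches = list(SECTION_RE.finditer(text))
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(text)
        sections[m.group(1).lower()] = text[m.end():end].strip()
    return sections


def find_security_contact(readme_text):
    """Return (section_title, contacts) for the first security-related section
    that names an email address or https URL, or None if the readme has no
    usable reporting channel (assumed heuristic: title mentions security/vulnerab)."""
    for title, body in readme_sections(readme_text).items():
        if "security" in title or "vulnerab" in title:
            urls = [u.rstrip(".,;)") for u in URL_RE.findall(body)]
            contacts = EMAIL_RE.findall(body) + urls
            if contacts:
                return title, contacts
    return None


if __name__ == "__main__":
    print(find_security_contact(SAMPLE_README))
```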

