Marketplace plugins security review?

One concern I have with plugins in Divhunt is that they could cause vulnerabilities or lead to conflicts. When the plugin marketplace is enabled, it would be great to have some sort of review process before being listed.

We’ve seen this in WordPress:

  • Outdated or poorly coded plugins are one of the main security issues causing sites to become compromised.
  • Plugin conflicts lead to unexpected behavior and difficulty troubleshooting.

To protect sites from these issues, here are some considerations:

  • Will someone review submitted plugins before they’re accepted and allowed on the marketplace? Will updates be reviewed?
  • How will plugins receive updates? How often? How will users know they’re up to date?
  • Can plugins be “rolled back” to a previous version if there’s a problem with an update?
  • Will plugins have reviews on the marketplace so users can decide whether to install?

Thanks for considering these concerns! I’m looking forward to a healthy and vibrant plugin marketplace, without repeating the problems encountered by WordPress’ plugin repository.


Your concerns are totally logical since we can all see what happened to WordPress.

All plugins that are being developed will need to follow the documentation that we are going to provide, and we will check every plugin submitted to Divhunt, so only good plugins will be available on the marketplace.

Following our documentation, there's very little space for conflicts, maybe some classes or some small stuff.

Each plugin can be updated from time to time; how often really depends on the plugin. If it is some simple plugin such as Tilt.js that we currently have, there's probably no reason to update it ever again.

Currently we don’t have a versioning system, so people can’t know if something is updated, or what is updated. We don’t automatically update your plugins now; they are updated if you reinstall the specific plugin.

We are aware that this system is not perfect, and it will be improved with time. Since we are the only ones who are developing plugins at this moment, we are making sure that our updates are safe and will not break something.

And as well, since we didn’t finish the versioning system yet, plugins can’t be reverted, but if you are facing issues, you can just get in touch with us, and we will fix it.

Hopefully all this makes sense now! 🙂 We have really big goals for our plugin system, since it is open-source and anyone can contribute!

Thanks for the detailed reply, @Pakic. That’s great that plugins will be reviewed and the plugin system is open-source!