It's always possible it was a horrible error.

> always vet

And how do you do that? Seriously - I get nervous every time I install a new plugin or test one.

I tested a popular ecom plugin awhile back and after I removed it - it had left over 120 db fields that I had to manually remove (and one of them contained code...oh joy). How can a general WP user know what is clean and what is not?

There's a good discussion about WP security/plugin vetting here: [webmasterworld.com...]

The last post there links to the place to check plugin vulnerabilities.

How can a general WP user know what is clean and what is not?

This is what differentiates professionals from amateurs. WP markets a product that automates the work of a professional webdev. This automation comes with hidden costs and risks. Don't get me wrong the product may be great for some small business, individuals and hobbyists, but to believe that you can run a business without any web-development knowledge using WP is naive and ignorant. I'm not saying, that pros shouldn't use WP, on the contrary it may be a good tool for your business case, but one still needs to have the knowledge to understand how all the parts work.

Well, that's the most arrogant and condescending reply I've read in awhile around here Nick.

> This is what differentiates professionals from amateurs

Yo, the plugin I was referring too was a popular ecomm platform by freaking Automatic (Google it if you don't know). Seems like alot of professionals around here are running it. Or are you calling them amateurs too?

>WP markets a product that automates the work of a professional webdev.

Got nothing to do with WebDev. Automatic produces a content management system for those that don't want to baby sit a content management system and pretty much anyone can use it. (I taught an 79yr old grandmother who had never touched a computer, on how to post to a blog from her phone)

> but to believe that you can run a business without any
> web-development knowledge using WP is naive and ignorant

There is absolutely no web-dev knowledge needed for most small businesses. I know of dozens upon dozens of SMB's that don't have a clue one about web dev issues. They've all self taught. Pressed the "install wp" button on their host - then bought a template - and had their site up in a couple hours.

> I'm not saying, that pros shouldn't use WP

lol. Considering just about every pro-seo agency I know of - runs on Wordpress, you might want to rethink that absurd statement.

>but one still needs to have the knowledge to understand how all the parts work.

Knowing how the parts work and knowing PHP/MySQL are a pretty damn far apart.

If professionals can be scammed (for lack of vetting), then the rest of the crowd is totally sol? :)

Third party anything is something to be wary of. If you can't see the source code, that's one thing, but if you don't bother to look at the source code, that's on "you".

Plug and play has ruled the day for quite some time, so not surprised that things like this can happen. That said, always vet third party stuff!