Too often I hear website owners discussing the security of their CMS and associated themes and plugins. The suggestions are often “do you know and trust the author of the code?”. This same analogy can be extended to online banking where people say “Do you trust that site with your info?”
I’m not an expert in online security and don’t claim to be. But I think people look at security wrong. It isn’t a matter if you trust the intentions of the code author or the website owner. It is a matter if you trust their expertise to have not made a mistake. Sure, I trust that most WordPress Plugin authors are on the up-and-up and have the best intentions for their plugin. But trusting that they are up to speed on security measures and safe programming standards is another matter entirely.
So just because you trust their intentions doesn’t mean your information is safe. You also need to trust their skills, and be right about it.
