About Plugins in the WordPress repository

There was a time that being in the WP repository seemed like a guarantee of a well-coded plugin.

But nowadays we are getting used to hearing horror stories of hacked plugins and plugin authors who sell their plugins to buyers who turn out to be unscrupulous and who add malicious code.

It’s a real problem. Take a look at wpvulndb∙com for a long list of compromised or vulnerable plugins.

WooCommerce Bot Purchases

I haven’t had this problem, but I saw it reported. The problem is bots making purchases using invalid credit card credentials. The poster wondered how this could be mitigated and the reply was to use the plugin Advanced noCaptcha & invisible Captcha with invisible captcha enabled.

It is directly on the checkout page and blocks orders that it registers as bots.

I looked up the plugin (it is the WP repository) and it describes itself as being able to show noCaptcha or invisible captcha on various pages, including WooCommerce, Login, Register, Lost Password, Reset Password, etc.

Litespeed and the advanced-cache file

You may see advanced-cache.php as a drop-in in your plugins folder.

The advanced-cache.php file is used by many caching plugins to signal that a cache is active. When this option is checked and this file is detected as belonging to another plugin, LiteSpeed Cache will not cache.

The easiest way to find out what other plugins may be using advanced-cache.php is to FTP into the server and open the file and check its contents. If it is Litespeed, it would say ‘LiteSpeed Cache’ within the file.

Which begs the question of why it is there because the way it handles caching because the LiteSpeed Cache plugin for WordPress does not need an advanced-cache.php file.

For this reason, there is no real logic in this file. So why include it at all? You will find the answer by opening the file, and if Litespeed is the active caching system you will read that:

  • Setting the WP_CACHE global variable requires that an advanced-cache.php file exists.
  • This variable can help to increase compatibility as other plugins can check it to determine whether or not a cache is currently being used.
  • It can also help to avoid conflicts with other full page caches such as W3 Total Cache, etc.