• Resolved Valber

    (@valberfigueiredo)


    Hello Team

    The plugin code can be improved by following WordPress / WooCommerce security guidelines to provide more security.

    I understand that the plugin is often updated by you.

    But if the code were 100% according to WordPress / WooCommerce rules, the plugin would get a score of 0, which is ideal, but it is not always possible and I would understand.

    So it means that the plugin should be much better in this regard.

    Here is a brief test:

    https://coderisk.com/wp/plugin/ewww-image-optimizer

    Please check and keep the code according to WordPress rules for everyone’s safety.

    I look forward to your position.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author nosilver4u

    (@nosilver4u)

    I’m aware of the CodeRisk score and have been using the data they provide to further improve the security of EWWW IO over the last several months.
    However, I’d like to point out two things:
    1. CodeRisk uses a broad range of PHP security rules. These are not WordPress specific, and are definitely not related to WooCommerce in any way.
    2. The security of EWWW IO is already very high, and the CodeRisk score in no way represents the countless hours I’ve spent making EWWW IO secure. For a hacker to take advantage of any “issue” in the CodeRisk report, it would pretty much require that your site already be hacked from some other attack vector.
    In fact, a few of the things flagged by CodeRisk are false-positives, due to custom functions we’ve had to use to make up for shortcomings in PHP, and CodeRisk doesn’t have the ability to recognize those custom security functions (I’ve asked already, they won’t do it).

    Short version: we’ve never had a site hacked because of EWWW IO, and if there were any major issues reported by CodeRisk, I would have fixed them already.

    Thread Starter Valber

    (@valberfigueiredo)

    Thank you, your answer is very important for all of us users.

    I am more relaxed knowing that you are aware of best security practices / new updates for WordPress / WooCommerce and aware of new alleged vulnerabilities that arise every day.

    Follow this up, as this is important for all users.

    And again I thank you for your sincere and important answer, thank you!

    Your plugin is better and I have no doubt about it!

    Thank you!

    Plugin Author nosilver4u

    (@nosilver4u)

    I will certainly continue to work through the CodeRisk reports, as I get emails from them each time we do a new release. I do hope that we can improve the CodeRisk score in the future, so that it better reflects the security of EWWW IO.

    Thread Starter Valber

    (@valberfigueiredo)

    I will be looking forward to this. Because the note there is very bad.

    Yes, there may even be detections of false positives by them, and this will damage your score. But certainly there are also possible risks and vulnerabilities in the code to get the worst possible score, this makes the user a little nervous.

    If the EWWW IO team follows the current WordPress / WooCommerce rules for development, that note there may become a 0, and this is what we would like; it would be the most lovable possible.

    Plugin Author nosilver4u

    (@nosilver4u)

    With the 5.3 release, I went through every single security risk detected by CodeRisk, and implemented counter-measures for all of them.
    Now it just remains to be seen how much of that CodeRisk will pick up. I know there are 1 or 2 things they’ve said they simply can’t detect, but hopefully this knocks out the majority.

    Thread Starter Valber

    (@valberfigueiredo)

    @nosilver4u I knew I could count on you and that you would make every effort to improve this.

    Truly heartfelt gratitude.

    Because as a customer it is an incredible feeling when we are heard and attended to.

    I wish you all the best and this incredible plugin that I love.

    Thank you very much indeed.

  • The topic ‘Plugin code should be improved for greater security.’ is closed to new replies.