The original post is by Jon Cave: Review an intentionally vulnerable plugin
Review a plugin for vulnerabilities
Jon has developed a small plugin that intentionally contains security flaws.
He invites plugin developers to review it for security issues and to suggest fixes.
Check out the GitHub repo for the code.
This plugin is made for testing purposes and should be installed and activated in your DEV or TEST environments ONLY.
The plugin is not a finished product but a debugging exercise. Its only feature is that it logs all failed login attempts.
It's basically like breaking your site on purpose in order to find the bugs, and then improving its security by fixing them.
Jon recommends looking at the vulnerable.php file, which contains the functions in question; if you're a WordPress developer, it won't take long to understand the code.
The log output will show you the problem and where it's located. You then need to go to that code and fix it.
It's not going to magically fix your bugs, but it does make you a better developer: once you have fixed those bugs, you'll remember them on your next project.
You live, you learn!
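As an added example (this is not Jon's plugin and not code from the original post), here is a minimal failed-login logger of the same shape, written so that the kind of flaw a reviewer looks for in such a plugin sits next to its fixed form. The table name, function names and the "clear log" action are assumptions made for the illustration; nothing here is claimed to be a specific bug in Jon's vulnerable.php. It is a WordPress plugin file, so it needs a DEV or TEST WordPress install to run.

```php
<?php
/*
Plugin Name: Failed Login Logger (review example)
Description: Added illustration of a login-failure logger, not Jon Cave's plugin. DEV/TEST sites only.
*/

// Assumption: the log table is named from the WP table prefix and created on activation.
function fll_table_name() {
    global $wpdb;
    return $wpdb->prefix . 'failed_logins';
}

register_activation_hook( __FILE__, 'fll_install' );
function fll_install() {
    global $wpdb;
    $table = fll_table_name();
    $wpdb->query( "CREATE TABLE IF NOT EXISTS {$table} (
        id bigint unsigned NOT NULL AUTO_INCREMENT,
        username varchar(255) NOT NULL,
        ip varchar(45) NOT NULL,
        attempted datetime NOT NULL,
        PRIMARY KEY (id)
    )" );
}

// VULNERABLE (not hooked up): $username is whatever was typed into the login form, so it is
// attacker-controlled, and it is concatenated straight into SQL. Classic SQL injection.
function fll_log_failed_login_vulnerable( $username ) {
    global $wpdb;
    $ip = $_SERVER['REMOTE_ADDR'];
    $wpdb->query( "INSERT INTO " . fll_table_name() . " (username, ip, attempted)
        VALUES ('$username', '$ip', NOW())" );
}

// FIXED: $wpdb->insert() builds a prepared statement and escapes every value.
// The value is also length-limited and the IP sanitised before it is stored.
function fll_log_failed_login( $username ) {
    global $wpdb;
    $wpdb->insert(
        fll_table_name(),
        array(
            'username'  => substr( wp_unslash( $username ), 0, 255 ),
            'ip'        => sanitize_text_field( $_SERVER['REMOTE_ADDR'] ),
            'attempted' => current_time( 'mysql' ),
        ),
        array( '%s', '%s', '%s' )
    );
}
add_action( 'wp_login_failed', 'fll_log_failed_login' );

// Admin page listing the log; two more typical review findings are shown in it.
add_action( 'admin_menu', function () {
    add_management_page( 'Failed logins', 'Failed logins', 'manage_options', 'fll', 'fll_render_page' );
} );

function fll_render_page() {
    global $wpdb;

    // "Clear log" action. The VULNERABLE form would be `if ( isset( $_GET['clear'] ) ) { ... }`
    // with no nonce and no capability check, so a CSRF link could wipe the log.
    if ( isset( $_POST['fll_clear'] ) ) {
        check_admin_referer( 'fll_clear_log' );          // CSRF: dies unless the nonce matches
        if ( ! current_user_can( 'manage_options' ) ) {  // authorisation: check it again at the action itself
            wp_die( 'Not allowed' );
        }
        $wpdb->query( 'TRUNCATE TABLE ' . fll_table_name() );
    }

    $rows = $wpdb->get_results( 'SELECT username, ip, attempted FROM ' . fll_table_name() . ' ORDER BY id DESC LIMIT 50' );

    echo '<div class="wrap"><h1>Failed logins</h1><table class="widefat"><thead><tr><th>User</th><th>IP</th><th>When</th></tr></thead><tbody>';
    foreach ( $rows as $r ) {
        // VULNERABLE form: echo "<td>$r->username</td>";  -- stored XSS, since the username was attacker input.
        echo '<tr><td>' . esc_html( $r->username ) . '</td><td>' . esc_html( $r->ip ) . '</td><td>' . esc_html( $r->attempted ) . '</td></tr>';
    }
    echo '</tbody></table>';

    echo '<form method="post">';
    wp_nonce_field( 'fll_clear_log' );
    submit_button( 'Clear log', 'delete', 'fll_clear' );
    echo '</form></div>';
}
```

The three things to check when reviewing a logger like this are the same three shown above: every value that originated in a request goes through a prepared statement on the way into the database, through esc_html() on the way back out to a page, and any state-changing admin action carries both a nonce and a capability check.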
Here are some useful posts regarding plugin security: