Title: Question about plugin security
Last modified: October 18, 2022

---

# Question about plugin security

 *  Resolved [korvak](https://wordpress.org/support/users/korvak/)
 * (@korvak)
 * [3 years, 7 months ago](https://wordpress.org/support/topic/question-about-plugin-security/)
 * Sometimes, plugins for PHP snippets can cause vulnerabilities and infections 
   of the site because they use eval() functions.
 * Does your plugin use eval() functions or does it create php files and include
   them?

Viewing 1 replies (of 1 total)

 *  Plugin Author [Shea Bunge](https://wordpress.org/support/users/bungeshea/)
 * (@bungeshea)
 * [3 years, 7 months ago](https://wordpress.org/support/topic/question-about-plugin-security/#post-16116852)
 * Currently, it does use the eval method. We are looking at switching to a file-
   based method at some point in the future.
 * However, it is worth noting that the possibility of causing vulnerabilities and
   infections is the same regardless of method. If you are allowing PHP code to 
   be created and executed on a site by users, then those users have the potential
   to introduce vulnerabilities and infections if they are acting maliciously or
   simply make a mistake.

Viewing 1 replies (of 1 total)

The topic ‘Question about plugin security’ is closed to new replies.

 * ![](https://ps.w.org/code-snippets/assets/icon.svg?rev=2148878)
 * [Code Snippets](https://wordpress.org/plugins/code-snippets/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/code-snippets/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/code-snippets/)
 * [Active Topics](https://wordpress.org/support/plugin/code-snippets/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/code-snippets/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/code-snippets/reviews/)

 * 2 replies
 * 2 participants
 * Last reply from: [Shea Bunge](https://wordpress.org/support/users/bungeshea/)
 * Last activity: [3 years, 7 months ago](https://wordpress.org/support/topic/question-about-plugin-security/#post-16116852)
 * Status: resolved