Plugin Security Certification (PSC-2026-64615): “BackUpWordPress” – Version 3.14

BackUpWordPress is a long-standing backup plugin originally created by Human Made and now maintained under new ownership with a continued commitment to open-source development. Designed for websites running on WordPress, the plugin provides scheduled backups of both files and databases using native system tools such as zip and mysqldump when available.

Its primary goal is simplicity: BackUpWordPress allows administrators to create full-site backups with minimal configuration, making it suitable even for low-memory shared hosting environments.

The plugin supports PHP 5.3.2+ and operates on both Linux and Windows servers, offering flexibility across hosting platforms.

Plugin Security Certification (PSC-2026-64614): “W3 Total Cache” – Version 2.9.1

Caching and performance optimization plugins can dramatically improve page speed, but they also expand the security footprint because they sit between dynamic application logic and static delivery. A cache can unintentionally store and serve private content, expose sensitive headers or debug artifacts, or create integrity issues when minification and rewrite rules transform how resources are delivered. These plugins also tend to touch high-risk areas like wp-admin configuration, filesystem writes (cache directories, rewrite rules), and external integrations (CDNs, reverse proxies), which means weaknesses frequently translate into data leakage, stored XSS in admin previews, cache poisoning, or denial-of-service conditions. W3 Total Cache version 2.9.1 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64614, confirming that the plugin was reviewed from a secure code perspective with attention to the most common exploitation paths for caching and optimization plugins.

Plugin Security Certification (PSC-2026-64613): “Advanced Custom Fields” – Version 6.7.0

Custom fields unlock a lot of power in WordPress, but they also expand the attack surface because they sit directly on the boundary between admin-side content modeling and front-end rendering. Field values can end up inside templates, blocks, REST responses, and admin UIs, which means weaknesses here frequently translate into stored XSS, unauthorized data exposure, or integrity issues. Advanced Custom Fields (ACF®) version 6.7.0 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64613, confirming that the plugin was reviewed from a secure code perspective with attention to the most common exploitation paths for content modeling plugins.

Plugin Security Certification (PSC-2026-64612): “ReCaptcha v2 for Contact Form 7” – Version 1.4.9

ReCaptcha v2 for Contact Form 7 is a lightweight compatibility plugin designed to bring back Google reCAPTCHA v2 support to Contact Form 7 after version 5.1 removed the [recaptcha] tag in December 2018. Instead of introducing custom implementations or external wrappers, the plugin restores the original functionality from Contact Form 7 v5.0.5, preserving the familiar behavior many site owners relied on.

CVE-2026-2687 – Reading progressbar – Stored XSS – POC

WordPress plugins that enhance user experience often expose administrative configuration fields that directly influence frontend rendering. When these fields are not properly sanitized, they can become a serious attack surface. CVE-2026-2687 affects the Reading Progressbar plugin, a lightweight tool that displays a reading progress indicator using an HTML5 element and JavaScript.

A stored Cross-Site Scripting (XSS) vulnerability was identified in the plugin’s settings panel, allowing an attacker to inject malicious JavaScript that is permanently stored and later executed in visitors’ or administrators’ browsers. This flaw can be leveraged to compromise administrator sessions, inject backdoors, or fully take over affected WordPress sites.

Plugin Security Certification (PSC-2026-64611): “Database Addon for Contact Form 7” – Version 1.3.5

Collecting form submissions is valuable, but storing them inside WordPress also creates a high-value target, because entries often include names, emails, phone numbers, messages, and sometimes sensitive business context. Database Addon for Contact Form 7 version 1.3.5 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64611, confirming that the plugin was reviewed from a secure code perspective with attention to the most common exploitation paths for data capture and export plugins.

Plugin Security Certification (PSC-2026-64610): “GoSMTP” – Version 1.1.8

Email delivery is business critical, but email sending plugins also sit on a sensitive boundary where they handle SMTP credentials, API keys, admin-side settings, and in some cases email logs that can contain personal data. GoSMTP version 1.1.8 has successfully completed the CleanTalk Plugin Security Certification program and received PSC-2026-64610, confirming that the plugin was assessed with a strong focus on secure coding practices and common real-world WordPress attack paths.

Plugin Security Certification (PSC-2026-64609): “User Role Editor” – Version 4.64.6

User Role Editor v4.64.6 is a widely used WordPress administration plugin that lets site owners manage roles and capabilities through a clear checkbox-based interface, making it easy to add, remove, clone, and delete roles while also supporting per-user capability assignments and multisite networks. Because role and capability management directly governs access control across WordPress, any weakness in its implementation could have severe impact, including unauthorized privilege changes or admin takeover paths. User Role Editor has passed CleanTalk Plugin Security Certification under PSC-2026-64609, confirming that the plugin was assessed for secure coding practices and validated against major vulnerability classes.

CVE-2025-14371 – TaxoPress – IDOR / Object‑Level Authorization Bypass to Modify Terms of Arbitrary Post – POC

CVE-2025-14371 affects TaxoPress and breaks a core WordPress safety boundary: a user may have access to an editor feature but should not be able to change content they cannot edit. The vulnerability allows any authenticated user who is permitted to use the TaxoPress AI metabox, typically Contributor or Author and above, to add or remove tags on posts they do not own by supplying a victim post ID. This is a direct content integrity issue, because tags and other taxonomy terms drive search relevance, internal navigation, feeds, and SEO surfaces, meaning a low-privilege account can silently reshape how content is discovered even when that same user cannot open the post editor for the target post. The install base is significant at 50k plus, so multi-author environments where Contributors exist are realistic targets rather than edge cases.