You may have already noticed that we have recently added a new feature to our tool, so that now WPThemeDetector not only detects themes but plugins as well.
This morning I got a tweet from one of our users who was worried about the security of his blog. He twitted it right after checking his own domain in WPThemeDetector and realizing that the plugins he uses were detected and listed. It literally read like this:
“@wpthemedetector how do you detect plugins? Do I have a security hole?”
I quickly answered, telling him not to worry at all and suggesting him to read our Frequently Asked Questions, where this is briefly explained. Nevertheless, I decided to write this post to further explain how we do to automatically detect WordPress plugins in a site, what information you´ll get and what you won´t, and the way we deliver that information to you.
First of all, I would like to make clear that our tool will detect only the active plugins used by the analyzed website for which references can be found in the html code genereted and sent by the site´s server.
From the security point of view, that means that if you are checking your own website with our tool, it will do the same harm to your site than any browser would: none at all. So you might or might not have a security hole in your site, but in case you do, we don´t know it and what´s more, we don´t even want to know about it: we will be only reading the html code sent by you (well, I mean, by your server).
Now, from our typical user´s point of view, that also means that we might not be able to detect all the plugins that are used in the analyzed site. Does this disappoint you in any way? I believe it shouldn´t.
I mean, why would you be interested in knowing that the owner of a blog uses, for example, BackupBuddy to back it up? I can think of no reason for it, unless you are part of iThemes. We designed our WordPress Theme Detector to give you valuable information about the WordPress sites you like, not to snoop.
We can look at it this way: If something makes you wonder what plugins are being used in a site and you want to use our tool to find out, that must be something you´ve noticed (somehow you already “detected” it). It could be how well and fast it loads, or some widget you didn´t know about, or how nicely are social media integrated on the site, or any other functionality that caught yor attention. You name it. But one thing is for sure: it wasn´t something hidden and not noticeable, not for instance something that applies only to the backend or admin area of that site.
So the apparently bad news is that the list of plugins that we are showing you for a particular website does not necessarily include all its active plugins, as we say in the note below the list.
However, the good news is this: If you saw something you liked on that site which is accomplished by a plugin and you want to get more details about it, most surely the html source code is including information about that plugin, because otherwise your browser wouldn´t had let you notice it. And, if that information can be found in the source code, our WordPress plugin detector will find it and you´ll have that plugin listed as part of our results for your query.
Once you have the name of the detected plugins in that list, we offer you two possiblities to access the detailed information about each plugin. As the primary source for further information we are including a button that will take you directly to the plugin page in the WordPress repository, where the vast majority of plugins are submitted and included, or directly to the plugin website. For a small percentage of plugins this won´t work though, so as an alternative we also offer you a Google search link ready for finding the plugin details for those less usual cases.
Now that you got a little insight into our WordPress plugin detection feature, I hope you like and enjoy our tool better. I´ll be waiting for your comments.