
Security
In this post I want to talk about the cleanness of WordPress plugin packages. I call a package clean if it doesn't contain any unnecessary files. Unnecessary files, on top of the garbage issue, can lead to a real security problem. Let's take my last download as an example. It is the well-known WordPress plugin WP-Forum by Fredrik Fahlstad. In case somebody is new to this plugin, it is a simple discussion forum plugin for WordPress. The WordPress link to the WP-Forum plugin page is http://wordpress.org/extend/plugins/wpforum/. The plugin can also be downloaded from Fredrik's site, http://www.fahlstad.se/wp-plugins/wp-forum/.
The installation package at wordpress.org is OK, but it is marked as version 1.7.8 (too old). So I went to the plugin's home page http://www.fahlstad.se/wp-plugins/wp-forum/ and downloaded the version 2.3 installation package.
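A downloaded package can be checked against the definition of a clean package before it is installed. The script below is an added example, not code from the original post or from the plugin. The rules for what counts as unnecessary are assumptions, and the sample archive is constructed for a hypothetical plugin.

```python
import io
import zipfile
from fnmatch import fnmatchcase

# Assumed rules for "unnecessary" entries; tune them per plugin.
DIR_RULES = {".svn": "version-control metadata", ".git": "version-control metadata",
             "cvs": "version-control metadata", "__macosx": "OS metadata"}
FILE_RULES = [("thumbs.db", "OS metadata"), (".ds_store", "OS metadata"),
              ("*.bak", "backup copy"), ("*~", "backup copy"),
              ("*.orig", "backup copy"), ("*.swp", "editor swap file"),
              ("*.sql", "database dump"), ("*.log", "log file"),
              ("*.zip", "nested archive")]

def classify(member):
    """Return the reason a member name looks unnecessary, or None."""
    norm = member.replace("\\", "/")
    parts = [p.lower() for p in norm.split("/") if p]
    if not parts:
        return None
    is_dir = norm.endswith("/")
    # A flagged directory anywhere in the path taints everything below it.
    for part in (parts if is_dir else parts[:-1]):
        if part in DIR_RULES:
            return DIR_RULES[part]
    if not is_dir:
        for pattern, reason in FILE_RULES:
            if fnmatchcase(parts[-1], pattern):
                return reason
    return None

def audit_package(zip_source):
    """List (member, reason) pairs; members are read by name, never extracted."""
    with zipfile.ZipFile(zip_source) as zf:
        hits = [(name, classify(name)) for name in zf.namelist()]
    return sorted((n, r) for n, r in hits if r)

def build_sample_package():
    """Constructed sample archive for a hypothetical plugin (not WP-Forum's contents)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("example-plugin/main.php", "example-plugin/readme.txt",
                     "example-plugin/.svn/entries", "example-plugin/main.php.bak",
                     "example-plugin/images/Thumbs.db", "example-plugin/backup.sql"):
            zf.writestr(name, "constructed placeholder content")
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in audit_package(io.BytesIO(build_sample_package())):
        print(f"{reason:26} {name}")
```

`audit_package` also accepts a file path, so it can be pointed at the downloaded .zip directly.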
Inside this package's .zip file, in addition to the core plugin code files, we can see:






