Alicia: Hello everybody, welcome back, my name is Alicia Kay, and here we have Gil Vidals, the CEO of HIPPA Vault, which is an MSSP specializing in HIPAA compliant cloud services. So last week we mentioned we’re going to start a series on WordPress, and today we wanted to talk about plugins, but before we start, can you just explain exactly what a plugin is regarding WordPress.

Gil: Sure, a WordPress plugin is what adds the functionality to WordPress, so you have the core, and there are many many authors that add some pretty practical functionality to WordPress.

Alicia: Are there security concerns when it comes to plugins or can you just add whatever plugin  you want? 

Gil: Well that’s a really important thing to talk about. So WordPress core is something that most people that are in security realize I gotta keep it up to date, but the plugins equally have to be kept up to date, and there are many plugins that are written by an author who maybe doesn’t think about security, or maybe they wrote it and abandoned the plugin, there’s no more updates for it, so you have to be mindful of the robustness of the plugin, plus keep it updated continually.

Alicia: So if you keep it up to date then it’s secure or is there more that you have to do?

Gil: Well, keeping it up to date is important because the author a lot of times will release bug fixes and security updates, so that’s the main reason, but when you’re looking for adding functionality, make sure you look and compare the different plugins, like shopping for anything, look at it, test it out, make sure it’s not a version 0.1, make sure it’s a mature plugin, make sure it’s well supported, and you can tell by going to the authors website and seeing how many updates do they issue, if you look and the last update was two years ago, you have to question whether that’s going to be robust plugin.

Alicia: If the plugin is up to date, does that mean that it’s HIPAA compliant and secure, or not necessarily?

Gil: It doesn’t necessarily mean it’s HIPAA compliant and secure, but at least it means that you’ve done your due diligence in finding a plugin where the author is mindful, continually updating it, and you can always email the author and ask them “hey, have you incorporated security measures in your plugin?”

Alicia: Okay, awesome, thank you! Is there anything else that you wanted to add on this topic or any tips that you wanted to give?

Gil: Well just to say that at HIPAA Vault, with our WordPress products and services, we ensure the plugins are up to par just like we described in this video.

Alicia: Okay, awesome, thank you so much!

Gil: Thank you Alicia.