Abandoned WordPress Plugin Takeover and Maintenance Service

Does your website depend on a WordPress plugin that is no longer being supported by the original developer? With our service we will use the process in place to take over maintenance of the plugin, so you can safely use the plugin going forward for the next three years.

When first taking over the plugin we will:

  • Fix any compatibility issues with the currently supported versions of PHP
  • Replace any use of deprecated WordPress functions
  • Make sure it meets the Plugin Directory's developer guidelines
  • Put the plugin through a security review, which includes check for the following issues:
    • Insecure file upload handling (this is the cause of the most exploited type of vulnerability, arbitrary file upload)
    • Deserialization of untrusted data
    • Security issues with functions accessible through WordPress’ AJAX functionality (those are a common source of disclosed vulnerabilities these days)
    • Persistent cross-site scripting (XSS) vulnerabilities in publicly accessible portions of the plugin
    • Cross-site request forgery (CSRF) vulnerabilities in the admin portion of the plugin
    • SQL injection vulnerabilities (the code that handles requests to the database)
    • Reflected cross-site scripting (XSS) vulnerabilities
    • Security issues with functions accessible through any of the plugin’s shortcodes
    • Security issues with functions accessible through the admin_action action
    • Security issues with functions accessible through the admin_init action
    • Security issues with import/export functionality
    • Security issues with usage of is_admin()
    • Host header injection vulnerabilities
    • Lack of protection against unintended direct access of PHP files
    • Insecure and unwarranted requests to third-party websites
    • Any additional possible issues identified by our Plugin Security Checker

Going forward we will test it to make sure the plugin is compatible with each new version of PHP and WordPress ahead of its release and fix any bugs or security issues that are identified in for the next three years.

We developed and maintain several plugins of our own. We also run the Plugin Vulnerabilities service, which involves us interacting with other developers' plugin code on a daily basis.


$1500 USD.

Payment is refundable if we are not permitted to takeover the plugin and you don't want us to fork it instead. We accept payment by credit card, debit card, or eCheck through PayPal in a number of currencies.