If you are developing WordPress plugins (or themes) for distribution via WordPress.org, or for client projects, it should be a no-brainer that writing insecure code can lead to severe consequences.
Having your plugin pulled from the repository, seeing a loss of respect and end-user confidence, or even worse, seeing users fall victim to easily preventable attacks are all possibilities if plugin security is not taken seriously.
Today I finally finished up and deployed “version 1” of the Download Monitor plugin. This is more of a re-release than an update, hence the version reset (which should also prevent automatic updates!).
If you want to update from a legacy version of Download Monitor, after installing the new version you’ll need to also install and run the Download Monitor Legacy Importer. This will handle migrating all of your data to the new format.
I’ve also re-released the page add-on as a separate plugin.
The page add-on basically lets you add a [download_page] shortcode which lists all downloads on your site with categories, tags, pagination and searching. It also adds ‘single’ views for your downloads.
Because this used to be part of the main Download Monitor plugin, albeit not as good as it is now, I’ve made this a “Pay what you want” add-on, so pay what you feel is fair 🙂