It isn’t tough to speak well of WordPress, especially for the budget- and process-minded domain developer. However, if you don’t have any experience with the system or you aren’t into PHP, you run the risk of opening yourself up to many more vulnerabilities.
Case in point: the Amazon affiliate plugin tool Amazon Press. In the hopes of being convinced that a remote Amazon store is a decent development path (static SEO for referral income vs. remote shopping cart with a call-to-action), I’ve been poking around to see how and why anyone would do such a thing, when I ran across some code in one of the plugins that I thought was interesting:
'LocaleTipTag' => '546246187-20'
Huh? What the hell is that? This is part of the API call to the Amazon DB. I did a little research and it turns out that the plugin was copied from another creator and rebranded, with the tipping option hardcoded into the PHP class. Depending on which version you are running, the developer of the script could be earning revenue from your sales without your knowledge.
So the lesson here: if you aren’t looking through the code that is part of your revenue stream, such as third-party Amazon plugin code that you installed or, worse yet, paid to have installed into your blog, how do you know you aren’t getting ripped off?
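One way to run that check over a plugin directory, as an added example that is not code from the plugin or from the original post. It assumes an associate tag is a quoted literal ending in "-2" plus one digit, like the value quoted above; the function names and the tag `mystore-20` are made up for illustration.

```python
import re
from pathlib import Path

# Assumption: an associate tag is a quoted literal ending in "-2" plus one
# digit, like the value quoted in the post.
TAG_LITERAL = re.compile(r"""(['"])([A-Za-z0-9][A-Za-z0-9_-]*-2\d)\1""")
# Optional PHP array key directly in front of the literal: 'Key' => 'value'
KEYED = re.compile(r"""(['"])(\w+)\1\s*=>\s*$""")


def find_foreign_tags(php_source, own_tags):
    """Return (line_no, key, tag) for each hardcoded tag not in own_tags."""
    hits = []
    for line_no, line in enumerate(php_source.splitlines(), start=1):
        for m in TAG_LITERAL.finditer(line):
            tag = m.group(2)
            if tag in own_tags:
                continue  # your own tag is expected to be there
            key_match = KEYED.search(line[:m.start()])
            key = key_match.group(2) if key_match else None
            hits.append((line_no, key, tag))
    return hits


def scan_plugin_dir(plugin_dir, own_tags):
    """Scan every .php file under plugin_dir; returns {path: hits}."""
    report = {}
    for path in sorted(Path(plugin_dir).rglob("*.php")):
        hits = find_foreign_tags(path.read_text(errors="replace"), own_tags)
        if hits:
            report[str(path)] = hits
    return report


# Constructed sample: only the LocaleTipTag line comes from the post;
# 'mystore-20' stands in for the site owner's own tag.
SAMPLE = """<?php
$params = array(
    'AssociateTag' => 'mystore-20',
    'LocaleTipTag' => '546246187-20',
);
"""

if __name__ == "__main__":
    for line_no, key, tag in find_foreign_tags(SAMPLE, {"mystore-20"}):
        print(f"line {line_no}: {key} = {tag}")
```

A hit is a prompt to read that part of the plugin, not proof of diverted revenue; a clean result does not rule out a tag that is built at runtime or fetched remotely.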