No validation of WordPress Plugins

This blog runs on WordPress.  Anyone can write a plugin for WordPress, including spammers who want to gather info on your site and its users, or people who want to steal content such as music and photos.  For example, there is no valid reason the audio player widget I installed should be contacting its creator every time I post, delivering a unique ID pointing at my content.  And there’s no proof there’s a link, but within hours after installing it, comment spam increased substantially.

Yeah, I went into the code of the widget and removed all the “phone-home” crap.  It’s like closing the barn door after the horses escaped.  And, how many other things have I installed are doing the same thing?  Sometimes it feels like a constant war, especially since I maintain my own server.  I look at the logs and see hundreds of attacks on it every day.  With the exception of the early 1990’s, the internet has never been a friendly place.  I feel like I live in a compound surrounded by a tall firewall trying to keep out the underbelly of society.