Plugin inspection:

WP Webhooks

Potentially unsafe

Last revised:

Confidence: Medium
This plugin has been given a short, targeted code review.

Before using this plugin, you should very carefully consider its potential problems and should conduct a thorough assessment. Read more about this recommendation.

Findings

No major issues were found from an inspection of the plugin. It does have extensive functionality with numerous integrations so is difficult to fully assess. Some webhooks may modify WordPress installations, for example it is possible to set up a webhook to perform file operations (Pro version). These actions should be assessed for the impact on server and site configurations. It is therefore advised that functionality is tested on an independent development platforms before production use.

The safety of this plugin will depend largely on what incoming or outgoing webhooks are implemented, and the trust that is placed in the third-parties and services involved.

The flexibility of the plugin is a strong point. Conversely, given this extensiveness, developers may consider alternatives such as custom code for simpler requirements, especially if there are not complexities such as authentication needing to be handled. Adding a lot of webhooks may impact site performance.

 

 

 

Reason for the 'Potentially unsafe' result

The plugin has been given this recommendation at the tester's discretion:

No issues were found with the plugin itself. The ‘use with caution’ rating is to note that the safety of this plugin will depend largely on the incoming or outgoing webhooks that are implemented, with corresponding trust that is placed in the third-parties and services involved. It is also highlighted that as the webhooks can be setup to perform actions such as file creation, that the impact of this on site and server configurations should be assessed.