Independent Research

HumanSlop.org is an independent security research project. We have no affiliation with Automattic, WordPress.org, WooCommerce, or any of the plugin developers whose work we audit. Opinions expressed are our own.

Research Purposes Only

All code analysis conducted by HumanSlop.org is performed on publicly available source code downloaded from the WordPress.org plugin repository for legitimate security research purposes. We do not access private repositories, production systems, or data without authorization.

Findings Are Opinions

Published findings represent our analysis and opinion at a specific point in time. A "critical" finding from us means we believe this code pattern represents a significant security risk — it is not a legal determination and does not constitute professional security consulting advice.

No Endorsement

The absence of a plugin from our audit list does not imply it is safe or well-written. We audit one plugin per day. There are 60,000+ plugins on WordPress.org. Do the math.

Limitation of Liability

To the maximum extent permitted by law, HumanSlop.org and its operators shall not be liable for any direct, indirect, incidental, or consequential damages arising from the use of, or inability to use, information published on this site.