Improvements to plugin security

If anyone has been on the site looking for a plugin recently, you would notice that there are many duplicate plugins and the majority contain viruses/backdoors. I believe that something has to be done soon before the plugin library turns into a place where you have to spend time looking through the plugins to make sure they do not contain backdoors.

The image below is a photo taken of the front page. The majority of the plugins shown are copies of the original plugin and contain backdoors.

Why not just get plugins from the plugin marketplace?
The plugin marketplace simply isn’t big enough yet. Many creators of small or not so well-known plugins are not on the program. I believe that there should be a way to apply to join the plugin marketplace. For example, there can be a sales requirement (e.g. 2500 plugin sales to apply) and if you reach the criteria you can apply to become a member.

I made a plugin a little while back that gets a few hundred sales a week and has over 3200 total sales. I have many users contacting me saying they cannot find my plugin in toolbox. This is one of the reasons I believe plugin developers should be able to apply. I could potentially get hundreds more users but simply wasn’t invited and I therefore have no way to get my plugins in toolbox.

As someone who uses plugins, it is really hard to find a plugin that is the original version and does not contain a backdoor. This issue involves both the plugin users and plugin developers. The developers are getting ripped off (their plugins are being copied), and the plugin users have trouble finding the real plugin.

If Roblox were able to address this, it would improve the experience of both the developers using plugins, and the plugin developers.

12 Likes

I strongly agree with this, maybe if ROBLOX added the feature that you can do both that would be greater, and just add a notification alert that says ‘By using this plugin, this is not a verified plugin so anything can happen’ or something.

Also, I didn’t realize that plugin developers had to apply for something in order to have their plugin in the toolbox? Idk if I misread your topic, but yeah.

To other users: it is very useful to look at plugins and check whether there are any crucial misspellings in the plugin (not very trustworthy with misspellings), and if there are, don’t download it. Also, I’d recommend checking join dates, and if you do get a plugin, make sure to inspect it, which I’m sure is possible.

1 Like

As someone working closely with Roblox on the plugin marketplace, I can confirm that Roblox is aware of the issues with plugins at the moment. The limiting of the plugin marketplace to approved plugins only is intended as a temporary security measure to stop most people from installing those malicious plugins.

Think of this as a transitional period - until plugin security gets better (which is an ongoing effort!), this is the way things will have to be, for the sake of newer creators who aren’t aware of the risks.

1 Like

Title of the topic (“Improvements to plugin security”) is very vague/broad, might want to improve that by making it explicit what you want to make sure staff don’t gloss over it.

4 Likes

There should be a verified plugin icon so that users can assume that the plugin is safe and doesn’t contain any backdoors, similar to the endorsed models program.

1 Like