What is a plugin?

In computing, a plugin (or plug-in, add-in, addin, add-on, or addon) is a software component that adds a specific feature to an existing computer program or enhances its capabilities. When a program supports plugins, it enables customisation. 

The first use of plugins was in the 1970s, in text editors such as Hypercard or the QuarkXPress publishing software on Apple Macintosh computers. Silicon Beach used plugins to expand the functionality of graphics programs such as Digital Darkroom and SuperPaint. This company is also credited for having coined the term “plug-in”.

Plugins are not standalone applications and can’t work by themselves. Plugins usually depend on a host application. The host application provides services that allow a plugin to work with it, for example:

  • The way for a plugin to register or unregister in the application,
  • APIs and protocols used for data exchange, and
  • Libraries and other shared resources.

What are the different types of plugins?

  • Browser plugins, of which there are thousands for popular browsers like Chrome, Firefox, and others,
  • Social plugins are used, for example, to embed social feeds on a website,
  • Email plugins, for example, encryption plugins, CRM plugins, notes plugins, and more,
  • CMS plugins, for example, plugins in the most popular CMS – WordPress – which extend or add new functionalities to a website like contact forms, custom post formats, SEO optimisation etc.
  • Audio plugins which are used for special effects or noise reduction,  
  • Video plugins, for example, plugins for video players which allow you to play different video formats like MPEG, AVI, WMV etc.
  • Graphic plugins, for example, allowing the use of different formats like RAW or photo effects.

Security of plugins.

Plugins always present certain security risks because hackers can use these add-ons as attack gateways. In recent years, attackers have increasingly exploited plugins (especially browser add-ons) to spread malicious code and gain unauthorised access to websites.

Single individuals or hobbyist programmers develop many plugins (such as WordPress plugins), and that’s why it’s often impossible or difficult to determine if they have vulnerabilities that cybercriminals could exploit. 

Many plugins are coded to spread malware, spyware, and other malicious code.