[wp-hackers] Block Specific Plugins

Henry, Bobby Bobby.Henry at expedient.com
Wed Apr 29 22:51:19 UTC 2015


You could always just set up a file that has a list of the plugin names or directories you approve and then set the cronjob to run every 5 minutes or something. Assuming you're using Linux, here's a quick and dirty script that'll achieve it.
This doesn't remove the files, but turns the bits off, and makes it immutable so it can't be altered by another script.
This outputs to a log file, so you can review them at a later date.
Also, keep in mind this isn't a fix, just a dirty script I made a few years ago to do something similar. I'm sure there's a plugin out there, or a plugin you could make that does something similar to this.
Make sure the first argument in this file is always -iname plugins. There are several ways to go about this, and mine isn't very clean but it works.
Example:
listfile:
-iname plugins -iname Plugin-dir-1 -iname  Plugin-dir-2 -iname  Plugin-dir-3



Script:
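#!/bin/bash
# Quarantine directory for plugins that are not on the approved list.
blockdir=/var/www/domain/wp-content/blocked-plugins
if [ ! -d "${blockdir}" ]; then
    mkdir "${blockdir}"
fi
# The listfile holds "-iname <name>" pairs on one line; join them with -o so find
# treats them as alternatives. Left unquoted below so they split into arguments.
approved=$(sed 's/[[:space:]]\{1,\}-iname/ -o -iname/g' /path/to/listfile)
logtime=$(date +"%b %a %I:%M:%S %m/%d/%Y")
# Every directory that is not already locked down and matches none of the approved names.
for unapproved in $(find /var/www/domain/public_html/wp-content/plugins/ -maxdepth 1 -type d ! -perm 000 ! \( ${approved} \));
do
    #Count how many '/' your path has, then add +1 and change the numerical awk value to that.
    dirname=$( echo "${unapproved}" | awk -F '/' '{print $8}' )
    mv "${unapproved}" "${blockdir}"
    # Strip all permission bits, then make the directory immutable.
    chmod -R 000 "${blockdir}/${dirname}"
    chattr +i "${blockdir}/${dirname}"
    echo "${logtime} ${unapproved}  has been moved to ${blockdir}/${dirname}" >>/var/log/unapproved.log
done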


Bobby Henry, LFCS
Tier 2 Technician | LPIC-1 | Linux+
Expedient Data Centers | bobby.henry at expedient.com
P: 614-246-0147  | C: 877.570.7827  
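
Added example, not part of the original message or of any project's code: the same allowlist-and-quarantine idea with the approved names kept as plain data, one per line, and matched with grep instead of being spliced into the find expression. The function names, the allowlist format and all paths are assumptions, and the chattr +i step is left out.

```bash
#!/bin/bash
# Added example: allowlist audit and quarantine for a WordPress plugins directory.
# The allowlist holds one approved directory name per line (assumed format).

# Print each directory directly under PLUGINS_DIR whose name is not in ALLOWLIST.
list_unapproved() {
    local plugins_dir="$1" allowlist="$2" path name
    [ -d "$plugins_dir" ] || { echo "no such directory: $plugins_dir" >&2; return 2; }
    [ -r "$allowlist" ] || { echo "cannot read allowlist: $allowlist" >&2; return 2; }
    find "$plugins_dir" -mindepth 1 -maxdepth 1 -type d | sort |
    while IFS= read -r path; do
        name=${path##*/}
        # -F literal, -x whole line, -i ignore case: the name is compared as
        # data and never becomes part of a find expression.
        grep -Fxiq -- "$name" "$allowlist" || printf '%s\n' "$name"
    done
}

# Move every unapproved directory into BLOCKDIR, strip its permission bits
# and append one line per move to LOGFILE.
quarantine_unapproved() {
    local plugins_dir="$1" allowlist="$2" blockdir="$3" logfile="$4" name dest
    mkdir -p "$blockdir" || return 2
    list_unapproved "$plugins_dir" "$allowlist" |
    while IFS= read -r name; do
        # Timestamp suffix so a reinstalled plugin does not land inside an
        # earlier quarantined copy of the same name.
        dest="$blockdir/$name.$(date +%s)"
        mv -- "$plugins_dir/$name" "$dest" || continue
        # -depth lists contents before their directory, so every entry is
        # still reachable when chmod gets to it.
        find "$dest" -depth -exec chmod 000 {} +
        printf '%s %s moved to %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
            "$plugins_dir/$name" "$dest" >> "$logfile"
    done
}

# Usage from cron (paths are placeholders):
# quarantine_unapproved /var/www/domain/public_html/wp-content/plugins \
#     /path/to/approved.txt /var/www/domain/blocked-plugins /var/log/unapproved.log
```

Directory names containing newlines are not handled, since names are passed between the two functions one per line.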



-----Original Message-----
From: wp-hackers [mailto:wp-hackers-bounces at lists.automattic.com] On Behalf Of Andrew Bartel
Sent: Wednesday, April 29, 2015 5:16 PM
To: wp-hackers at lists.automattic.com
Subject: Re: [wp-hackers] Block Specific Plugins

Really would recommend you start working with proper contracts if you have those kinds of concerns.  The cost of a lawyer to write up and review contracts is trivial compared to the headaches it will prevent.

On that note: https://www.youtube.com/watch?v=jVkLVRt6c1U (good talk at creative mornings, but contains nsfw language)

Thanks,

Andrew Bartel

On Wed, Apr 29, 2015 at 2:09 PM, <chris at 314media.com> wrote:

> Thanks - the setup is above my pay grade but very informative though..
>
> I was thinking smaller -- use case is on dev server working as a 3rd 
> party developer - I don't want client to install theme downloader or 
> some csv exporting thing but they need admin access.. - and someone in 
> their org is probably smart enough to figure out - hey let's not pay 
> em...
>
> I'm lazy enough to disable the editors but thinking would be nice to 
> have as a function I could drop in for a little more security...
>
> Editing user roles I guess...  Back to work :)
>
> > On Apr 29, 2015, at 4:03 PM, Daniel <malkir at gmail.com> wrote:
> >
> > You may be able to swing something with WPCLI and a cron to search 
> > for specific plugins, or only allow specific plugins. That's how 
> > some major WPaaS places do it.
> >> On Apr 29, 2015 2:01 PM, <chris at 314media.com> wrote:
> >>
> >> Any function to block a specific plugin based on its repository name?
> >> _______________________________________________
> >> wp-hackers mailing list
> >> wp-hackers at lists.automattic.com
> >> http://lists.automattic.com/mailman/listinfo/wp-hackers