[wp-hackers] Bundled Plug-ins

scribu mail at scribu.net
Sat Oct 2 18:37:52 UTC 2010


On Sat, Oct 2, 2010 at 9:30 PM, Mike Schinkel
<mikeschinkel at newclarity.net>wrote:

> I'm assuming the issue is that any code on the server could have a security
> hole, deactivated or not, so it's critical that we get all code updated in
> case of a security hole, right? But could there not be a third way? How
> about an "archive" feature that allowed a user to archive a plugin which
> would either zip its contents and/or set the permissions on its
> directory/files so that it's not accessible externally (if that's even
> possible; my knowledge of how server permissions work is rather lacking.)
>

If you're that concerned about security, you're better off deleting the
plugin and just bookarmking it in your browser or whatever.

If you just want to hide the update nags (something that I would like to do
too), you could make a plugin that does it (with jQuery, in the worst case).


I think these constant "update me" notices are yet another reason why people
> don't want to use any more plugins than they have to even though the
> constant refrain related to features is "that's plugin territory." (I think
> what I'm saying here is that by improving the management of plugins it might
> help people who have issues with plugins dislike them less.)
>

I agree that plugin management could be a little more sophisticated.


More information about the wp-hackers mailing list