[wp-hackers] Uninstall Handling
Ken Brucker
Ken at pumastudios.com
Sun Apr 10 15:07:57 UTC 2011
On Apr 9, 2011, at 11:22 AM, Otto wrote:
> On Sat, Apr 9, 2011 at 6:39 AM, Ken Brucker <Ken at pumastudios.com> wrote:
>> I am trying to use the uninstall hook. However, unless you provide valid FTP/sFTP login credentials you can't get to the point of executing the hook. In my situation, FTP/sFTP are not enabled on the server so there's no way to respond in a way that will allow the uninstall hook to execute.
>
> If you can't actually uninstall the plugin, then it would make perfect
> sense to me that you can't run the uninstall hook either.
>
> If you don't have FTP available, then consider configuring your server
> such that the "direct" method works properly. This is a setuid setup,
> basically, and there's a half a dozen ways to do it. The easiest would
> be to use suPHP instead of the normal PHP setup.
Setting up a server to prevent modification of the code is a good security practice and helps protect a site from hacking.
Is the following sequence to remove a plugin supported?
- Disable plugin in the admin menu
- Via shell, or other method outside the WP admin screens, remove the plugin files from the file system.
On Apr 9, 2011, at 11:30 AM, Andrew Nacin wrote:
> I could entertain the idea for an API abstraction that can fire an uninstall
> hook. But I wouldn't then want it to just get abused.
Abused in what way? I don't understand the concern.
What I envision as a viable solution is in the 'Delete' process to add an option to only execute the plugin uninstall action and leave the file system untouched. The action could finish with a notice to the user that to complete the removal of the plugin the related files should be removed.
-- Ken
More information about the wp-hackers
mailing list