[wp-hackers] Server-wide plugins

[David Anderson]

Hi,

As someone who manages servers hosting lots of WordPress websites, I've 
often wanted a convenient way for all WordPress websites on the server 
to be able to include a plugin that's basically an mu-plugin (must-use).

* Collating system-wide IP data from distributed attacks (and feeding 
that data to a firewall)
* Detect and terminate brute-force attacks early (e.g. detect certain 
$_POST patterns, and end execution before further server resources are used)
* Require a local plugin on every site, without needing to manage every 
site individually (e.g. hosting-company-provided automatic backups)
* Have a default hook into wp_mail() that uses the local SMTP setup
* Hook into a local cacheing system

Currently, doing this is really hack-ish. You can play around with PHP's 
auto_prepend or auto_append configuration variables, or set up something 
to automatically detect WordPress installs and to drop a file or symlink 
into wp-content/mu-plugins.

I've now found time to author a core patch for this: 
https://core.trac.wordpress.org/ticket/28105

The ticket has a few anticipated questions and answers about the 
approach, so please do take a look at the ticket if this interests you.

I'd love to hear feedback from other hosting providers who'd find this 
useful. I think it'd be good if the core devs could here about the level 
of demand from server owners for the ability to do this. Personally I'd 
find it hugely useful.

Best wishes,
David

-- 
UpdraftPlus - best WordPress backups - http://updraftplus.com
WordShell - WordPress fast from the CLI - http://wordshell.net