[wp-trac] [WordPress Trac] #26273: Deactivated plugins and themes should not execute
WordPress Trac
noreply at wordpress.org
Sat Jul 26 07:40:53 UTC 2014
#26273: Deactivated plugins and themes should not execute
----------------------------+------------------------------
Reporter: kirrus | Owner:
Type: enhancement | Status: reopened
Priority: normal | Milestone: Awaiting Review
Component: Administration | Version:
Severity: normal | Resolution:
Keywords: | Focuses:
----------------------------+------------------------------
Comment (by jsimone):
I don't really think those comments pertain to the solutions I proposed.
In fact comment 5 seems a bit out of touch with reality.
In many server configurations, the user doesn't have direct write
access to the WordPress files
If the user doesn't have write access to WordPress files then the entire
Plugin section is useless. Special file permissions are required for
installing, updating, deleting,... what's wrong with needing file
permissions for deactivating? Put another way: Do we really want to
endorse configurations where WP administrators can't even keep their
plugins and core install up to date? Isn't that the exact opposite of what
we are trying to encourage?
I agree with comment 13 to an extent.
Sorry, but editing plugin PHP files will not be a feasible solution
here. That's just too unreliable and risky, and there are too many things
that can go wrong, given the many different server configurations that
WordPress has to support.
Editing PHP '''''code''''' is definitely overkill and unreliable. But
'''renaming, archiving, or moving plugin files''' would all be
appropriate, and fairly trivial. Zip files already drive plugin installs.
What's wrong with packaging them back up when they are deactivated?
Let me propose an example of what I think is a very viable exploit for
WordPress today:
There are at least tens of thousands of WordPress themes out there. There
are also a lot of third-party websites distributing themes. I think it is
fair to say that the perception of a theme is that it is fairly
lightweight and doesn't present the same security concerns as an out of
date plugin.
Unsavory characters could obtain some popular or attractive open-source
themes and (discretely) inject PHP backdoor code. They could rename the
themes and upload them to a slew of community websites. Heck the sheer
number of themes in the wild might make it trivial to just find a few with
pre-existing issues. Then, botnets could scan websites for the malicious
theme names and exploit the backdoors for further nefarious deeds. This
could all be done even without a user ever activating the theme in
question.
I think the community is moving toward doing whatever it takes to put
security front-and-center. Isn't that what introducing automatic core
updates is all about? I'm sure making that the default setting was a
contention topic at one point. I think the benefits again outweigh the
excuses in this case and the problem should be addressed.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/26273#comment:17>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list