[wp-trac] [WordPress Trac] #30465: Dashboard alert if a plugin/theme was removed from WordPress repo

WordPress Trac noreply at wordpress.org
Tue Oct 29 08:02:01 UTC 2024


#30465: Dashboard alert if a plugin/theme was removed from WordPress repo
---------------------------------------------+-----------------------
 Reporter:  sergej.mueller                   |       Owner:  (none)
     Type:  feature request                  |      Status:  reopened
 Priority:  normal                           |   Milestone:  6.8
Component:  Security                         |     Version:
 Severity:  normal                           |  Resolution:
 Keywords:  dev-feedback security has-patch  |     Focuses:
---------------------------------------------+-----------------------

Comment (by oliversild):

 Replying to [comment:45 dd32]:
 > I'm especially concerned that if this is merged as-is without extra
 action occurring elsewhere, the text will end up being changed to be overly
 alertism of "This is DANGEROUS! You need to replace this plugin!11!11"
 which is a disservice to majority WordPress users and developers.

 I don't think we need to freak people out, but we also can't leave them in
 the dark. The message could be "Warning: This plugin is currently closed
 in WordPress.org plugins repository. What does this mean?" - just link
 that to an article which would then outline all possible reasons why this
 might be, such as:
 - Plugin moved away from WordPress.org and is set to receive updates &
 support elsewhere.
 - Plugin is abandoned, does not receive (security) updates and is not
 actively developed anymore.
 - Plugin is closed due to an unpatched security issue.
 - Plugin is closed due to a guideline violation.
 - Other.

 We should honestly have this marked as priority and roll it out ASAP! This
 month, in October alone, there have been over 400 plugins that have been
 either temporarily or permanently closed due to a security vulnerability.
 Additionally, over the past couple of weeks there have been more and more
 plugins which have decided to switch away from WordPress.org that have
 hundreds of thousands of active installations and whose users won't be
 able to receive any (including security) updates via WordPress.org
 anymore.

 **We don't need a perfect solution right away. We can always improve. But,
 the users need to know now!**

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/30465#comment:47>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

