[wp-trac] [WordPress Trac] #63304: Proposal: Permission-Based Access Control for Plugins in WordPress Core
WordPress Trac
noreply at wordpress.org
Fri Apr 18 06:56:54 UTC 2025
#63304: Proposal: Permission-Based Access Control for Plugins in WordPress Core
-----------------------------+-----------------------------
Reporter: matinlk | Owner: (none)
Type: feature request | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Plugins | Version:
Severity: normal | Keywords:
Focuses: |
-----------------------------+-----------------------------
Dear WordPress Core Team,
I hope you're doing well.
I’d like to propose a new feature for WordPress core that I believe would
significantly enhance the platform’s overall security and
transparency—especially in the context of third-party plugin management.
🧩 Feature Proposal: Plugin Permission System (Inspired by Mobile OS
Models)
Problem:
Currently, WordPress plugins have unrestricted access to server files, the
entire database, and system functions once activated. This "all-or-
nothing" model lacks a layer of permission-based control, which poses
major risks—especially for less-experienced site administrators who
install plugins without a clear understanding of what those plugins do
behind the scenes.
Proposed Solution:
Introduce a permission request system at the time of plugin
installation/activation, similar to the model used in mobile operating
systems like Android or iOS.
Plugins would be required to declare their intended capabilities such as:
Read/write access to specific directories (e.g. wp-content/uploads, theme
folders, etc.)
Access to specific database tables (e.g. wp_users, custom tables)
Usage of certain PHP functions (e.g. file_get_contents, exec, etc.)
External API access or remote file operations
These permissions would be presented to the site administrator in a clear
and user-friendly interface during installation, allowing for either:
Accepting the required permissions
Rejecting the plugin installation if permissions are deemed too invasive
Optional Advanced Implementation (Stretch Goal):
A plugin sandboxing framework that isolates plugin operations and enforces
the granted permissions dynamically using hooks, wrappers around critical
APIs (e.g. wpdb, Filesystem API, etc.), and static code analysis.
🚀 Benefits:
Enhanced security: Limit the blast radius of malicious or poorly written
plugins.
User transparency: Admins understand exactly what a plugin is trying to
access.
Developer responsibility: Encourages cleaner and more modular code
practices.
Aligns with modern software practices: Inspired by OS-level app
permissions.
🔧 Backward Compatibility:
To ensure a smooth transition, this could start as an optional opt-in
feature or be enforced only on newly submitted plugins to the WordPress
plugin repository, similar to how plugin guidelines and reviews have
evolved.
🔚 Conclusion:
WordPress has always been about empowering users—but with power comes the
need for safe boundaries. I genuinely believe this feature would be a huge
leap forward in making the ecosystem more secure and trustworthy.
I’d be more than happy to contribute ideas, mockups, or help further if
the core team is interested in exploring this proposal.
Thank you for considering this suggestion, and for your continued
dedication to improving WordPress.
Best regards,
[matin boronsi]
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63304>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list