[wp-trac] [WordPress Trac] #65117: Proposal: Hook Permissions Layer
WordPress Trac
noreply at wordpress.org
Tue Apr 28 09:04:15 UTC 2026
#65117: Proposal: Hook Permissions Layer
---------------------------------------+------------------------------
Reporter: namith.jawahar | Owner: (none)
Type: feature request | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Plugins | Version:
Severity: normal | Resolution:
Keywords: has-screenshots has-patch | Focuses:
---------------------------------------+------------------------------
Comment (by aravindajith):
This is an interesting and well thought out proposal. The problem is real,
especially for teams using WordPress as an application platform.
That said, the scope feels quite large for core. It combines tracking,
scanning, permissions, UI, and update-time checks into a single system.
A few concerns:
* The main value seems to be in controlled environments (SaaS,
enterprise). For typical sites, unrestricted hooks are often a feature.
* Blocking new hooks on plugin updates could lead to unexpected breakages
that are hard to debug.
* Static scanning may miss dynamic hooks, while runtime tracking adds
overhead.
* The UI and concept of “disabling hooks” may be difficult for non-
technical users to reason about.
It might be worth exploring a more incremental approach, starting with
better visibility into hook usage and lighter, opt-in controls for
sensitive hooks.
Overall, this feels like a strong direction, but possibly better
introduced in smaller steps.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/65117#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list