[wp-hackers] Uninstall Handling

Ken Brucker Ken at pumastudios.com
Sun Apr 10 15:07:57 UTC 2011


On Apr 9, 2011, at 11:22 AM, Otto wrote:

> On Sat, Apr 9, 2011 at 6:39 AM, Ken Brucker <Ken at pumastudios.com> wrote:
>> I am trying to use the uninstall hook.  However, unless you provide valid FTP/sFTP login credentials you can't get to the point of executing the hook.  In my situation, FTP/sFTP are not enabled on the server so there's no way to respond in a way that will allow the uninstall hook to execute.
> 
> If you can't actually uninstall the plugin, then it would make perfect
> sense to me that you can't run the uninstall hook either.
> 
> If you don't have FTP available, then consider configuring your server
> such that the "direct" method works properly. This is a setuid setup,
> basically, and there's a half a dozen ways to do it. The easiest would
> be to use suPHP instead of the normal PHP setup.

Setting up a server to prevent modification of the code is a good security practice and helps protect a site from hacking.

Is the following sequence to remove a plugin supported?

- Disable plugin in the admin menu
- Via shell, or other method outside the WP admin screens, remove the plugin files from the file system.

On Apr 9, 2011, at 11:30 AM, Andrew Nacin wrote:

> I could entertain the idea for an API abstraction that can fire an uninstall
> hook. But I wouldn't then want it to just get abused.

Abused in what way?  I don't understand the concern.  

What I envision as a viable solution is in the 'Delete' process to add an option to only execute the plugin uninstall action and leave the file system untouched.  The action could finish with a notice to the user that to complete the removal of the plugin the related files should be removed.

-- Ken


More information about the wp-hackers mailing list