[wp-trac] [WordPress Trac] #25137: Enable safe mode to run WordPress without loading plugins

WordPress Trac noreply at wordpress.org
Sun Sep 28 17:02:41 UTC 2014


#25137: Enable safe mode to run WordPress without loading plugins
-----------------------------+-----------------------
 Reporter:  knutsp           |       Owner:
     Type:  feature request  |      Status:  reopened
 Priority:  normal           |   Milestone:
Component:  Bootstrap/Load   |     Version:  3.6
 Severity:  normal           |  Resolution:
 Keywords:  dev-feedback     |     Focuses:
-----------------------------+-----------------------
Changes (by knutsp):

 * keywords:  dev-feedback close => dev-feedback
 * status:  closed => reopened
 * resolution:  maybelater =>


Comment:

 What we need is to be able to load a minimum part WordPress, without
 plugins and with the default theme, bringing up a special emergency
 administrative screen where an admin user can permanently deactivate one,
 some or all active plugins, and even permanently switch to the default
 theme, in order to start all over with theme and plugin activations
 through the normal wp-admin interface. This is the simple part.

 To achieve this we also need to login without plugins loaded. This is the
 main problem I have identified, because it would create a simple way to
 bypass security enhancements like "Limit Login Attempt" and others. One
 could argue that such plugins ideally should be among Must Use plugins,
 but I don't think that is a way to go for several reasons, though
 discussable.

 Another approach to the login problem could be to allow plugins to
 blacklist themselves for such "safe mode" deactivation on wp-login.php.

 A third approach I have been thinking about since my first suggestion is
 to set a special short-term, administrators only, login cookie only valid
 on the new plugin/theme emergency deactivation page. This must then be
 combined with an extra site wide emergency password or secret word.

 Since discussion about something like this is back on #29772 I reopen this
 ticket, so both can be open until we decide what ticket is best suited to
 continue the discussion on.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/25137#comment:20>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list