[wp-trac] [WordPress Trac] #17307: WordPress plugin security enhancements

WordPress Trac wp-trac at lists.automattic.com
Mon May 2 20:16:51 UTC 2011

#17307: WordPress plugin security enhancements
 Reporter:  moonman239       |      Owner:
     Type:  feature request  |     Status:  new
 Priority:  normal           |  Milestone:  Awaiting Review
Component:  General          |    Version:  3.1
 Severity:  normal           |   Keywords:
 Let me just suggest a few things to enhance the security of the WordPress

 1)  Change the file extension for plugins.  That way, WordPress can
 monitor the plugins to ensure they are doing no harm.

 2)  Once that is done, make it so that the only way the plugins can "mess"
 with the blog is through the Plugin API.

 3)  Implement a code-signing system.  Tell the user if the plugin has not
 been signed by a trusted authority, or if the signature is invalid.

 4) (maybe) Implement a permissions-based system.  Let the user set what
 each plugin is allowed to do.  For example, he can allow or deny a plugin
 permission to write on his blog.

Ticket URL: <http://core.trac.wordpress.org/ticket/17307>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list