[wp-trac] [WordPress Trac] #26273: Deactivated plugins and themes should not execute
WordPress Trac
noreply at wordpress.org
Tue Oct 28 03:31:23 UTC 2014
#26273: Deactivated plugins and themes should not execute
----------------------------+------------------------------
Reporter: kirrus | Owner:
Type: enhancement | Status: reopened
Priority: normal | Milestone: Awaiting Review
Component: Administration | Version:
Severity: normal | Resolution:
Keywords: | Focuses:
----------------------------+------------------------------
Comment (by mboynes):
I have another proposal for addressing this issue. I (mostly) agree with
@jsimone's comment,
> the community think that if something isn't active, it's safe!
What if the plugin page were to use design elements and notices to remind
users that inactive plugins aren't assumed to be safe? Furthermore, when a
plugin is deactivated, core could record the deactivation timestamp and
the message could include useful information for the user, "This plugin
was last active on yyyy-mm-dd". With multisite, this could happen on the
network plugins screen, and it could hypothetically note the last
deactivation time across the entire network (we'd want this to be an
infrequent cron task which stored the result in a transient, as this would
be an expensive poll for a network with thousands of sites or more).
If we add transparency, data, and education, we don't immediately
''solve'' the problem, but I think we will mitigate it significantly (and
if we add hooks to the check, we make it simple for plugins to genuinely
solve the problem by e.g. automatically deleting other plugins which have
been inactive for a month).
Probably goes without saying, but all this applies to themes too, with
considerations for parent/child themes as applicable.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/26273#comment:19>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list