[wp-trac] [WordPress Trac] #25137: Enable safe mode to run WordPress without loading plugins
WordPress Trac
noreply at wordpress.org
Sun Sep 28 17:02:41 UTC 2014
#25137: Enable safe mode to run WordPress without loading plugins
-----------------------------+-----------------------
Reporter: knutsp | Owner:
Type: feature request | Status: reopened
Priority: normal | Milestone:
Component: Bootstrap/Load | Version: 3.6
Severity: normal | Resolution:
Keywords: dev-feedback | Focuses:
-----------------------------+-----------------------
Changes (by knutsp):
* keywords: dev-feedback close => dev-feedback
* status: closed => reopened
* resolution: maybelater =>
Comment:
What we need is to be able to load a minimum part WordPress, without
plugins and with the default theme, bringing up a special emergency
administrative screen where an admin user can permanently deactivate one,
some or all active plugins, and even permanently switch to the default
theme, in order to start all over with theme and plugin activations
through the normal wp-admin interface. This is the simple part.
To achieve this we also need to login without plugins loaded. This is the
main problem I have identified, because it would create a simple way to
bypass security enhancements like "Limit Login Attempt" and others. One
could argue that such plugins ideally should be among Must Use plugins,
but I don't think that is a way to go for several reasons, though
discussable.
Another approach to the login problem could be to allow plugins to
blacklist themselves for such "safe mode" deactivation on wp-login.php.
A third approach I have been thinking about since my first suggestion is
to set a special short-term, administrators only, login cookie only valid
on the new plugin/theme emergency deactivation page. This must then be
combined with an extra site wide emergency password or secret word.
Since discussion about something like this is back on #29772 I reopen this
ticket, so both can be open until we decide what ticket is best suited to
continue the discussion on.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/25137#comment:20>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list