[wp-trac] [WordPress Trac] #33374: Improvements for the messages visible in the plugin manager
WordPress Trac
noreply at wordpress.org
Fri Aug 14 15:41:42 UTC 2015
#33374: Improvements for the messages visible in the plugin manager
--------------------------------+-----------------------------
Reporter: dziudek | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Plugins | Version:
Severity: normal | Keywords:
Focuses: ui, administration |
--------------------------------+-----------------------------
Hello,
WordPress is more and more popular and I think that it is time to
prepare better security-related messages in the plugin manager.
Outdated plugins are probably the most popular way to compromise websites
based on WordPress.
That’s why I suggest that in the plugin manager the following messages
should appear too:
- “This plugin has not been updated for more than 2 years” - some plugins
are no longer developed and can contain vulnerabilities which are not
managed by the plugin developer
- “Security update” - it would be great to provide the plugin authors a
possibility to add a message that the current update is a security update.
Then users will know that they should update their plugin immediately
(Currently I often check every changelog to make sure that I can make an
update on the weekend).
- “No longer in directory” - some plugins were removed from the repository
and of course are no longer maintained - it is a similar issue as the
first one. Additionally it will help users to detect plugins which were
accepted but break the WordPress.org rules.
Sending e-mails connected with these messages would also be great for
administrators.
Yes, I know that there are plugins for the above features, but I think
that due to the big popularity of WordPress and more and more massive attacks
which sometimes appear a few hours (!) after disclosure, WordPress
should contain better tools which are built into the core code, because
a lot of people currently ignore updates or use very old and vulnerable
extensions. In my opinion “security” is a keyword which forces people to
update.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/33374>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform