[wp-trac] [WordPress Trac] #37301: A way to test plugin/theme installs and updates before applying
WordPress Trac
noreply at wordpress.org
Thu Jul 7 09:13:21 UTC 2016
#37301: A way to test plugin/theme installs and updates before applying
--------------------------------+-----------------------------
Reporter: Zuige | Owner:
Type: feature request | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Plugins | Version: 4.4.3
Severity: normal | Keywords:
Focuses: ui, administration |
--------------------------------+-----------------------------
The #1 reason for WordPress sites going completely down or becoming
partially broken is a bad install or update of a plugin or a theme.
The worst-case scenario is a complete white screen of death, from which
the only way to recover is to manually remove the culprit plugin files,
which unfortunately requires remote access to the server filesystem.

The current plugin upgrader checks if the upgrade causes errors and can in
some cases recover from the most obvious cases of syntax errors in the
critical plugin code. This, however, fails to mitigate the slightly more
subtle issues like incompatibilities between plugins/themes and JavaScript
errors that may still completely wreck the site.

Furthermore, the more seasoned WordPress users are known to avoid updating
plugins and themes on their site due to the volatility of running an
update in production. This of course leaves their sites vulnerable to
possible security issues.

The best practice of running staging environments to test plugins before
updating requires a significant amount of technical knowledge and labour,
and is not widely practiced among regular users.

I suggest we give the option for users to test plugin / theme installs and
updates prior to applying them.

This requires a sort of sandbox environment for the user where they can
freely install and test plugins without worrying about breaking anything.

I've created an example implementation of these plugin update sandboxes in
(slightly hacky) plugin form. The plugin adds a "test update" button to
the update.php admin screen, which creates a sandbox where the user can
test the updated plugin without affecting the live site. Both the plugin
directory and the database are separated from the live ones.

https://github.com/anttiviljami/wp-safe-updates
Screenshots:
The "test update" button in update.php
[[Image(https://github.com/anttiviljami/wp-safe-updates/raw/master/assets/screenshot-1.png)]]
Updating the plugin in an alternate heap (sandbox)
[[Image(https://github.com/anttiviljami/wp-safe-updates/raw/master/assets/screenshot-2.png)]]
Testing the plugin inside the sandbox
[[Image(https://github.com/anttiviljami/wp-safe-updates/raw/master/assets/screenshot-3.png)]]
--
I would love more discussion about this. I feel the safety of theme /
plugin updates is definitely among the most important issues to solve for
the future of WordPress security.
Love,
@anttiviljami
--
Ticket URL: <https://core.trac.wordpress.org/ticket/37301>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform