[wp-trac] [WordPress Trac] #37301: A way to test plugin/theme installs and updates before applying

WordPress Trac noreply at wordpress.org
Thu Jul 7 09:13:21 UTC 2016


#37301: A way to test plugin/theme installs and updates before applying
--------------------------------+-----------------------------
 Reporter:  Zuige               |      Owner:
     Type:  feature request     |     Status:  new
 Priority:  normal              |  Milestone:  Awaiting Review
Component:  Plugins             |    Version:  4.4.3
 Severity:  normal              |   Keywords:
  Focuses:  ui, administration  |
--------------------------------+-----------------------------
 The #1 reason for WordPress sites going completely down or becoming
 partially broken is a bad install or update of a plugin or a theme.

 The worst case scenario being a complete white screen of death from which
 the only way to recover is to manually remove the culprit plugin files,
 which unfortunately requires remote access to the server filesystem.

 The current plugin upgrader checks if the upgrade causes errors and can in
 some cases recover from the most obvious cases of syntax errors in the
 critical plugin code. This, however, fails to mitigate the slightly more
 subtle issues like incompatibilities between plugins/themes and JavaScript
 errors that may still completely wreck the site.

 Furthermore, the more seasoned WordPress users are known to avoid updating
 plugins and themes on their site due to the volatility of running an
 update in production. This of course leaves their sites vulnerable to
 possible security issues.

 The best practice of running staging environments to test plugins before
 updating requires a significant amount of technical knowledge and labour,
 and is not widely practiced among regular users.

 I suggest we give the option for users to test plugin / theme installs and
 updates prior to applying them.

 This requires a sort of sandbox environment for the user where they can
 freely install and test plugins without worrying about breaking anything.

 I've created an example implementation of these plugin update sandboxes in
 (slightly hacky) plugin form. The plugin adds a "test update" button to
 the update.php admin screen, which creates a sandbox where the user can
 test the updated plugin without affecting the live site. Both the plugin
 directory and the database are separated from the live ones.

 https://github.com/anttiviljami/wp-safe-updates

 Screenshots:

 The "test update" button in update.php

 [[Image(https://github.com/anttiviljami/wp-safe-updates/raw/master/assets/screenshot-1.png)]]

 Updating the plugin in an alternate heap (sandbox)

 [[Image(https://github.com/anttiviljami/wp-safe-updates/raw/master/assets/screenshot-2.png)]]

 Testing the plugin inside the sandbox

 [[Image(https://github.com/anttiviljami/wp-safe-updates/raw/master/assets/screenshot-3.png)]]

 --

 I would love more discussion about this. I feel the safety of theme /
 plugin updates is definitely among the most important issues to solve for
 the future of WordPress security.

 Love,
 @anttiviljami

--
Ticket URL: <https://core.trac.wordpress.org/ticket/37301>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

