[wp-trac] [WordPress Trac] #47653: Site Health plugin security check

WordPress Trac noreply at wordpress.org
Fri Jul 5 07:53:12 UTC 2019


#47653: Site Health plugin security check
-------------------------+------------------------------
 Reporter:  galbaras     |       Owner:  (none)
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  Awaiting Review
Component:  Site Health  |     Version:  5.2
 Severity:  normal       |  Resolution:
 Keywords:  2nd-opinion  |     Focuses:  administration
-------------------------+------------------------------
Changes (by knutsp):

 * keywords:   => 2nd-opinion
 * focuses:   => administration
 * type:  defect (bug) => enhancement
 * version:  5.2.2 => 5.2


Comment:

 The attack surface and risk rise/diminish by the number of functions
 and complexity of each extension, active or inactive, probably somewhere
 between linearly and exponentially.

 Having one or two, the risk is very low; having only trusted and
 well-maintained ones, like the two bundled, may be a very low or ignorable risk.

 Sometimes you need to deactivate a plugin or two for a while, and they
 will stay on the "recently active" list for some time.

 Long-time inactive plugins and themes should be regarded as a risk, maybe
 small, but it's completely unnecessary and bad practice. For wp.org hosted
 plugins you may re-install any with a few clicks, using the favourites tab or
 search. For others there should be a private/local repo.

 Idea 1: Ignore inactive plugins that were recently active
 Idea 2: Ignore if two or fewer are inactive

 As current behaviour is clearly intended, this is not a bug.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/47653#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

