[wp-trac] [WordPress Trac] #47653: Site Health plugin security check
WordPress Trac
noreply at wordpress.org
Fri Jul 5 07:53:12 UTC 2019
#47653: Site Health plugin security check
-------------------------+------------------------------
 Reporter:  galbaras     |       Owner:  (none)
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  Awaiting Review
Component:  Site Health  |     Version:  5.2
 Severity:  normal       |  Resolution:
 Keywords:  2nd-opinion  |     Focuses:  administration
-------------------------+------------------------------
Changes (by knutsp):
* keywords: => 2nd-opinion
* focuses: => administration
* type: defect (bug) => enhancement
* version: 5.2.2 => 5.2
Comment:
The attack surface and risk rise/diminish with the number of functions
and complexity of each extension, active or inactive, probably somewhere
between linear and exponential.

Having one or two, the risk is very low; having only trusted and
well-maintained ones, like the two bundled, may be a very low or ignorable
risk.

Sometimes you need to deactivate a plugin or two for a while, and they
will stay on the "recently active" list for some time.

Long-time inactive plugins and themes should be regarded as a risk, maybe
small, but it's completely unnecessary and bad practice. For wp.org hosted
plugins you may re-install any with a few clicks, using the favourites tab
or search. For others there should be a private/local repo.

Idea 1: Ignore inactive plugins that were recently active
Idea 2: Ignore if two or fewer are inactive

As current behaviour is clearly intended, this is not a bug.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/47653#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform