[wp-trac] [WordPress Trac] #48190: Show information from Plugins Directory into WP-Admin plugins page
WordPress Trac
noreply at wordpress.org
Tue Oct 1 14:28:11 UTC 2019
#48190: Show information from Plugins Directory into WP-Admin plugins page
-----------------------------+------------------------------
Reporter: arberbr | Owner: (none)
Type: feature request | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Plugins | Version:
Severity: normal | Resolution:
Keywords: | Focuses:
-----------------------------+------------------------------
Comment (by arberbr):
Thank you,
OK, I did not know about the existence of this API endpoint.
Now that I saw this and tested with it for a bit, I think the API itself
might need to be improved a bit.
First of all, there might be different reasons why a plugin is not found
anymore on the plugins directory. So just returning the answer:
"plugin not found"
might not be the best answer.
IMO it needs to be improved by firstly showing different messages for
different scenarios. When a plugin has security issues and has been closed
(Rich Reviews case), just saying "plugin not found" does not give any info
about the security problems to the WordPress website (which serves as a
client to the API in this case).
If the client (the WordPress website) knows from the API that the plugin
does have security problems, then the core of the plugin updater might be
changed to let the users know about the security issue.
So the first step, IMO, is to improve the API endpoint itself.
Secondly, what needs to be done on the WordPress level (the client of the API
in this case).
On Plugins view
- show for each abandoned plugin (if this info is known to the API) some
kind of message that the plugin has been abandoned
- show for each plugin with a confirmed security issue a message and
recommendations on what to do (for example, deactivate but keep, or deactivate
and delete, etc.)
- for older plugins (let's say plugins that haven't been updated in 2 years
or more) show this info to the users. Might be good for the end user to
know that a certain plugin he uses might be abandoned.
Also, for critical security issues, a plugin that is abandoned and has
security issues to me looks like a critical issue, an email needs to be
sent from WordPress to the website admins to let them know that those
plugins are a security risk for the website.
My idea is for all these changes to be implemented on the core.
I know there are plugins that offer some of the features I mentioned, but
it's easier for admins to just check this information on the plugins list.
Also, a lot of people don't use any security plugin at all (let's say
WordFence, iThemes Security, etc) so without these plugins and without the
features I described above, those websites will be the first ones to be
hacked.
Thank you,
Arber.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/48190#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform