[wp-trac] [WordPress Trac] #55321: Adding new themes in releases without a global theme auto-update setting renders installations insecure
WordPress Trac
noreply at wordpress.org
Sat Mar 5 01:23:28 UTC 2022
#55321: Adding new themes in releases without a global theme auto-update setting
renders installations insecure
---------------------------+-----------------------------
Reporter: bertvandepoel | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Themes | Version:
Severity: normal | Keywords:
Focuses: ui |
---------------------------+-----------------------------
I'm a member of a student organisation offering hosting to other student
organisations at a Belgian university. Thanks to WordPress, organisation
with a complete lack of technical ability are able to maintain a website,
largely through enabling automatic updates of WordPress, its plugins and
its themes.
I understand it's a conscious choice of WordPress to add a theme every
year through its releases. While I'm personally not a huge fan of these
themes being added, I understand there isn't much we can do about that.
However, many of our organisations assume that once they have enabled
auto-updates, they're largely safe from maintenance issues. This isn't the
case however since our a twentytwentytwo has only been installed a few
months ago and very recently received its first update.
There doesn't seem to be a global setting to enable all auto-updates or
auto-updating for all themes anywhere in the web interface of WordPress.
This will mean that we will have to email each organisation to try to
explain what they have to do and how. This seems contradictory to the idea
of WordPress being very user-friendly even for those with little technical
skills.
I would therefore either recommend a global setting concerning auto-
updates, or ending the practise of adding a new theme every year without
user consent.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/55321>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list