Context Navigation

← Previous Ticket
Next Ticket →

#17307 closed feature request (invalid)

WordPress plugin security enhancements

Reported by:	moonman239	Owned by:
Milestone:		Priority:	normal
Severity:	normal	Version:	3.1
Component:	General	Keywords:
Focuses:		Cc:

Description

Let me just suggest a few things to enhance the security of the WordPress CMS:

1) Change the file extension for plugins. That way, WordPress can monitor the plugins to ensure they are doing no harm.

2) Once that is done, make it so that the only way the plugins can "mess" with the blog is through the Plugin API.

3) Implement a code-signing system. Tell the user if the plugin has not been signed by a trusted authority, or if the signature is invalid.

4) (maybe) Implement a permissions-based system. Let the user set what each plugin is allowed to do. For example, he can allow or deny a plugin permission to write on his blog.

Change History (1)

#1 @scribu
13 years ago

Milestone Awaiting Review deleted
Resolution set to invalid
Status changed from new to closed

trac is not the right place to discuss such broad suggestions. Try posting to wp-hackers or on http://wordpress.org/extend/ideas/ first.

Note: See TracTickets for help on using tickets.

Trac UI Preferences

Download in other formats:

Make WordPress Core