#18874 closed enhancement (wontfix)
Don't alert me about updates to themes I'm not using
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | Upgrade/Install | Keywords: | |
Focuses: | Cc: |
Description
I don't need to know that a theme that comes with WordPress which I'm not using has been updated.
Only alert me about updates to the theme I am using.
Change History (5)
#2
@
13 years ago
Alternate workaround: Use the Disable WordPress Theme Updates plugin.
#3
@
13 years ago
That isn't a workaround.
This would prevent the user from getting any updates.
That could open them up to unpatched security vulnerabilities.
#4
@
13 years ago
- Milestone Awaiting Review deleted
- Resolution set to wontfix
- Status changed from new to closed
That could open them up to unpatched security vulnerabilities.
So could not updating themes that aren't in use. Look at the TimThumb vulnerability, for example. Direct file access. No activation necessary, for plugins or themes. Just needs to be sitting there.
We've been down this road before (I've proposed this myself, I'm sure) and there are plenty of other reasons as well. One might be that the user is waiting for an update to switch back to or try the theme. Considering this one wontfix, and (discouraged) plugin material.
Workaround: Remove themes that aren't in use.