Make WordPress Core

Opened 13 years ago

Closed 13 years ago

Last modified 13 years ago

#18874 closed enhancement (wontfix)

Don't alert me about updates to themes I'm not using

Reported by: foxmajik's profile foxmajik Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Upgrade/Install Keywords:
Focuses: Cc:

Description

I don't need to know that a theme that comes with WordPress which I'm not using has been updated.

Only alert me about updates to the theme I am using.

Change History (5)

#1 @foxmajik
13 years ago

Workaround: Remove themes that aren't in use.

cd wordpress/wp-content/themes
mv [currenttheme] ..
rm -rf *
mv ../[currenttheme] .
Last edited 13 years ago by foxmajik (previous) (diff)

#2 @kurtpayne
13 years ago

Alternate workaround: Use the Disable WordPress Theme Updates plugin.

#3 @foxmajik
13 years ago

That isn't a workaround.

This would prevent the user from getting any updates.

That could open them up to unpatched security vulnerabilities.

#4 @nacin
13 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

That could open them up to unpatched security vulnerabilities.

So could not updating themes that aren't in use. Look at the TimThumb vulnerability, for example. Direct file access. No activation necessary, for plugins or themes. Just needs to be sitting there.

We've been down this road before (I've proposed this myself, I'm sure) and there are plenty of other reasons as well. One might be that the user is waiting for an update to switch back to or try the theme. Considering this one wontfix, and (discouraged) plugin material.

#5 @scribu
13 years ago

This shouldn't be such a big problem now that WP updates don't re-install built-in themes that you have deleted.

Note: See TracTickets for help on using tickets.