WordPress.org

Make WordPress Core

Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#18874 closed enhancement (wontfix)

Don't alert me about updates to themes I'm not using

Reported by: foxmajik Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Upgrade/Install Keywords:
Focuses: Cc:

Description

I don't need to know that a theme that comes with WordPress which I'm not using has been updated.

Only alert me about updates to the theme I am using.

Change History (5)

comment:1 foxmajik3 years ago

Workaround: Remove themes that aren't in use.

cd wordpress/wp-content/themes
mv [currenttheme] ..
rm -rf *
mv ../[currenttheme] .

Version 0, edited 3 years ago by foxmajik (next)

comment:2 kurtpayne3 years ago

Alternate workaround: Use the Disable WordPress Theme Updates plugin.

comment:3 foxmajik3 years ago

That isn't a workaround.

This would prevent the user from getting any updates.

That could open them up to unpatched security vulnerabilities.

comment:4 nacin3 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

That could open them up to unpatched security vulnerabilities.

So could not updating themes that aren't in use. Look at the TimThumb vulnerability, for example. Direct file access. No activation necessary, for plugins or themes. Just needs to be sitting there.

We've been down this road before (I've proposed this myself, I'm sure) and there are plenty of other reasons as well. One might be that the user is waiting for an update to switch back to or try the theme. Considering this one wontfix, and (discouraged) plugin material.

comment:5 scribu3 years ago

This shouldn't be such a big problem now that WP updates don't re-install built-in themes that you have deleted.

Note: See TracTickets for help on using tickets.