Make WordPress Core

Opened 11 years ago

Closed 11 years ago

#25436 closed feature request (wontfix)

Permissions system.

Reported by: trusktr's profile trusktr Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: General Keywords: close
Focuses: Cc:

Description

It'd be nice if plugins had to specify certain permissions to access certain features of wordpress (IMHO, I'd like it) for more security.

What does WordPress have in place to detect malicious plugins? It seems easy to make a plugin that can send a blog's data to another server by an unsuspecting plugin user.

Change History (2)

#1 follow-up: @SergeyBiryukov
11 years ago

  • Keywords close added

It'd be nice if plugins had to specify certain permissions to access certain features of wordpress (IMHO, I'd like it) for more security.

We have a system of roles and capabilities that can be leveraged by plugins.

What does WordPress have in place to detect malicious plugins?

The Plugin Review Team checks every plugin submitted to the WordPress.org directory to make sure it conforms to the guidelines. The team's updates are posted on http://make.wordpress.org/updates/tag/plugins/.

#2 in reply to: ↑ 1 @rmccue
11 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

Replying to SergeyBiryukov:

It'd be nice if plugins had to specify certain permissions to access certain features of wordpress (IMHO, I'd like it) for more security.

We have a system of roles and capabilities that can be leveraged by plugins.

I believe this is more about only making certain APIs available to plugins.

Unfortunately, due to the structure of PHP and the way plugins work, this is not possible without rewriting the entire plugin system from scratch and using serious amounts of sandboxing. Whether this is even possible on 99% of systems (i.e. those without runkit) is another question. I think it could be done, but not without serious amounts of programming resources and a huge redesign of our API, which just isn't going to happen.

Closing as wontfix.

Note: See TracTickets for help on using tickets.