Opened 5 weeks ago

Last modified 5 weeks ago

#50560 new enhancement

show "recently deleted" plugins - a safer option than "inactive plugins"

Reported by: mikulabc
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version:
Component: Plugins
Keywords:
Focuses: ui, administration
Cc:

Description

The REQUEST:

Please show recently removed plugins within /wp-admin/plugins.php

The STORY:

You may notice the title is unfamiliar to you because such a thing does NOT exist within WordPress.

One of the reasons why people like me do NOT remove inactive plugins is because there is no way to remember the plugin once deleted.

So I keep it.

Now, even "Site Health Status" shows "remove inactive plugins" for security reasons.

https://i.imgur.com/TuF1roA.jpg

If I do that, I will have to take notes manually and links of that awesome file manager or image compressor plugin I found and want to keep.

WordPress does NOT show the plugins that were used in the past (deleted).

Now, if WordPress WOULD show, I would not have to keep it inactive in order to "keep" it to remember, because I might not use the plugin all the time, such as a file manager or image compressor plugin, hence the reason for inactivation because they are seldom used, BUT if I delete it, I would have to go on a search to find it again.

The SOLUTION:

(Here is a way WordPress would make it more delightful for users to delete inactive plugins.)
Simply show the recently removed plugins with the NAME and URL to the plugin itself as a simple line within /wp-admin/plugins.php somewhere.

https://i.imgur.com/rviZF3w.jpg

This way I will gladly delete the plugin right away and not keep it inactive; the settings of the plugin are obviously an entirely different story.

Change History (15)

#1 @joyously
5 weeks ago

There is https://wordpress.org/plugins/plugin-notes-plus/ but it's for those that are installed and https://wordpress.org/plugins/dashboard-sticky-notes/ for your own notes, separate.
If WP kept a list of deleted plugins, how long would that list be kept? How would you ever clear the list?
It seems better to keep your own notes, separately.

#2 @mikulabc
5 weeks ago

Good questions, Joy. I will answer them:

  • Installing additional plugins defeats the purpose. It makes it hard for multiple WordPress installations to manage and makes it more work, since you need to do those additional steps, which decreases productivity for millions of WordPress users that like to simply keep a small history of installed plugins.
  • Now to the question of how long the list will be and how to clear it, that's a simple answer: since it's a simple string, a line with title and URL to the plugin, it will not need any magic to work, especially an [x] button to remove the plugin from the "history", making it easy to manage a certain level of privacy if you don't want someone else to see what plugin was installed. Even at 100 plugins in history, this list will not be large. Take a look at the image below that I created:

https://i.imgur.com/IshY7BI.jpg

#3 @ayeshrajans
5 weeks ago

If the WordPress health report prompts to remove a plugin, it's often for a good reason; I don't think we should encourage users to reinstall it easily.

I think the two plugins mentioned above are interesting. Instead of doing the additional manual note-keeping, I think it wouldn't be too hard to keep a list of uninstalled plugins along with a custom note, in a plugin. The Plugin Notes plugin developer may be listening to feature requests?

#4 @jrf
5 weeks ago

If I read things correctly, it seems to me that the problem is that the Admin user finds it difficult to keep track of "trusted" plugins.
That is not necessarily a WP Core issue, nor something that should be "solved" in Core.

There are plenty of ways to keep track of "trusted" plugins. The various notes plugins mentioned above are one.

And what about the Favourites feature on wp.org? Every plugin can be added to your favourites and you can access those from your own profile on the wp.org site, but you can also call that list up easily from within WP Admin to (re-)install plugins.

And if you really want more control, using version management for the files in your install would seem like a more appropriate solution.

#5 follow-up: @mikulabc
5 weeks ago

I will gladly also answer you guys, @jrf and @ayeshrajans.

The reason why the "Recently deleted" functionality would be a great start for CORE is because

WordPress does not want users to have plugins inactive because it seems this triggers a "health report" warning.

So the solution isn't for users to start downloading plugins for notes and then taking notes of their currently removed plugins, but making a user feel safe enough that they will have quick, direct, easy access to the plugin they just deleted by seeing it in a list, giving the user the opportunity to focus on things that are more important than taking notes and keeping those notes updated with hyperlinks and all.

Productivity is a major factor when it comes to anything, and especially making it easy for people to help keep WordPress secure by removing plugins.

You cannot educate a user to do the mentioned steps you want them to do, that would require a lot of effort and time which no one has.

I never saw inactive plugins as an issue and I have 64 of them that I will use at some point again, but taking notes of each one is a very time-consuming task that isn't feasible for lots of WordPress sites; the only way right now for someone to know that their Awesome plugin is still there is by simply making it inactive.

Would you go the extra mile of directly removing that awesome plugin that you love so much? Obviously not, most people will want to keep it by putting it inactive, see the pattern here? Because WordPress doesn't tell you what you just deleted out of the box, but it actually should - in order for people to feel comfortable also deleting it.

See it this way:

Q: Why does a user not remove plugins?
A: Because he still wants to keep the inactive plugin; if he removes it, IT'S GONE.

Q: So how can we make the user feel like he can remove the plugin and not keep it inactive with still feeling like he can come back to that awesome plugin that he wants?
A: By giving him a simple history he can see where it shows the plugin he deleted, so he can go back and download it again whenever he wants or needs it.

If you look at this one simple line, it says that "If you’re not going to use a plugin"
https://i.imgur.com/YnwsJ8Z.jpg
But has anyone ever considered that the user PLANS TO USE IT, but doesn't have the time and effort to keep track of removed plugins on a separate list and update that?

It's tedious and that is where WordPress core fails: it doesn't give an option that makes it feel like you can remove it safely with a good feeling it will still be there IN THE LIST OF REMOVED ONES.

I hope now I have shed the proper light on the issue.

If you still believe I am wrong, the best way to test this is by asking 100 sample users directly that have a lot of inactive plugins and ask them "What stops you from deleting the plugins?"

And then follow up and ask them if they would go that extra mile of installing note-taking plugins to keep track of removed plugins or if they would rather still just keep them inactive because it's TOO MUCH WORK.

You will be surprised how little time people have and want to spend on an additional task such as keeping track of a deleted plugin, so, for now we will keep it inactive until "removing" plugins becomes a safe step for knowing what you deleted so you can come back to it.

I am not alone in this; you guys are not the average user that doesn't have any concerns for security but also doesn't want to lose access to his precious plugins.

If removed, once again - they are gone, if inactive, still there - So:

Removed + in history = best option for security and happiness of the avg. users

Last edited 5 weeks ago by mikulabc

#6 @jrf
5 weeks ago

@mikulabc To be honest, if you were "not alone in this", I'm pretty sure someone would have built a plugin already to do just what you are asking. For all I know, a plugin like that may already exist.

For now, this still doesn't feel to me like something which should be addressed in Core.

My perception of why people keep deactivated plugins around:

  • They don't realize that deactivating a plugin doesn't remove it.
  • They want to prevent the data the plugin saved to remain intact, while a lot of plugins (rightfully) clean up after themselves when they get deleted.

Keeping a plugin around for using it again "at some point in the future", however, is generally not a good idea.
The plugin landscape changes regularly, so what may have been a good plugin for your needs two years ago, may now be insecure and unmaintained and superseded by several other better plugins.

#7 @mikulabc
5 weeks ago

@jrf I was not even aware that keeping a plugin inactive is a security risk; only with the "health check" telling me to remove plugins did this become a "not alone in this" issue, because, once again, I am an average user. I hope this clarifies how much of an average user I am - and in retrospect to that, average Joe users of WordPress should be asked, just like me.

Too many products are created based on a few assumptions about what people *think* their users want. It’s a trap to be avoided, especially as there’s plenty of evidence you can gather that will tell you exactly what your users really need.

Then we don't need any perceptions anymore for why people keep plugins inactive.

WordPress needs to rethink how average Joe users think of the plugins being inactive; maybe this can be replaced with "delete" entirely if the user feels like he can return to it.

Until then, my friend, I will simply keep my plugins inactive - despite the security risk. I have used WordPress since 2006 and the health check feature telling me to remove 64 unused plugins doesn't come with an option of keeping a record if I delete.

I will suggest that 100 sample average Joe users should be asked that have many plugins inactive to prove my point.

#8 in reply to: ↑ 5 @SergeyBiryukov
5 weeks ago

Replying to mikulabc:

So the solution isn't for users to start downloading plugins for notes and then taking notes of their currently removed plugins, but making a user feel safe enough that they will have quick, direct, easy access to the plugin they just deleted by seeing it in a list, giving the user the opportunity to focus on things that are more important than taking notes and keeping those notes updated with hyperlinks and all.

As noted in comment:4, you can mark any plugin you'd want to keep as "favorite" in the WordPress.org directory, and then easily access that list from the Favorites tab of the Add Plugin screen.

#9 @knutsp
5 weeks ago

As someone who also has used WordPress since 2006, I have five ways to keep track of interesting plugins, in case I need them:

  1. Mark as favourite on wordpress.org/plugins
  2. Bookmark in my browser, I have an "Interesting plugins" folder
  3. Some sites of mine have an activity log plugin that can filter on plugin actions, deletions included
  4. Some sites of mine have posts or CPTs with interesting plugins
  5. I can make a (not publicly exposed) navigation menu with links to plugins

Core should not bloat itself with functionality very few probably need, and that can easily be offered through plugins.

Last edited 5 weeks ago by knutsp

#10 @mikulabc
5 weeks ago

@SergeyBiryukov @knutsp you guys are advanced users; the fact that you hang around in Trac is proof that you have already obtained higher standards. It is about making WordPress safer by making average Joe users feel like they can delete the plugin knowing it shows in a simple list and they can get back to it if they want to.

  • Regarding the favorites, that is also not exactly the best way for someone who manages sites for 20 clients and each WordPress instance has other plugins that are inactive. Besides, this is a multistep process. Again, we want to secure WordPress by forcing people to delete plugins but don't give them some form of info on which plugin was last deleted?
  • As mentioned several times now, an average Joe user doesn't want to lose access to that precious plugin, so they simply keep it inactive - make that Joe want to participate in deleting!
  • No one in the world can make that user feel at ease if they should delete it to maintain security standards, let alone educate them on a favorite or bookmark trick. You guys think too advanced; we are talking about people that like to do it the easy way.

Regarding the core showing a list of recently deleted plugins - it would make security tighter because users now feel safe deleting a plugin to "keep it" because it still shows in a list.

So in the end, what is more important to the core of the WordPress team, making sure plugins that are not used are deleted? If yes, then make users want to delete the plugin.

#11 @mikulabc
5 weeks ago

  • Summary changed from recently installed plugins to show "recently deleted" plugins - a safer option than "inactive plugins"

#12 @mikulabc
5 weeks ago

Please don't give any more hacks and tricks for how someone could maintain a list of recently deleted plugins. I will personally do a survey of a few random average Joe WordPress users and report back here.

The question will be:
Why do you keep plugins inactive?

Last edited 5 weeks ago by mikulabc

#13 @mikulabc
5 weeks ago

Status: I asked in a couple of Facebook groups to see what response you would expect from WP users that serve clients:

https://i.imgur.com/0sdLH6v.jpg

Total Stats so far:

The question:
Why do you keep WordPress Plugins inactive?

Answers:
Too lazy to delete and take a note: 26 Users
I don't keep inactive plugins: 5 Users

So now you have a clear picture of what I meant.
People sacrifice security for comfort.

This ticket was mentioned in Slack in #core by mikulabc.


5 weeks ago

#15 @afercia
5 weeks ago

  • Focuses accessibility removed