Hi Guys. I am trying to figure out if WordPress Plugins can update themselves without my permission, i.e. if they can change their own files without asking me. I thought all Plugins were updated by me.
I had the https version of my site break tonight after what appears to have been the updating of the files of a security plugin - without my consent. If remote updating by a plugin dev is allowed, my initial reaction would be this is a pretty obvious security risk that needs to be closed. It would mean any reputable or maybe non reputable dev could insert malicious code into a plugin that originally seemed legit.
Probably over-reacting a bit but to lose https functionality because of a security plugin, outside of being ironic, right now seems very expensive and frustrating. Might be completely wrong of course, I guess we'll find out when I get my site back.