Plugins and Theme Repository Thorough Bug, Update and Security Review
WordPress should have a more thorough system of testing and making sure that plugins and themes work, are up to date (no plugins over a year old, say) and are bulletproof secure. The plugin and theme repository should demand that every single plugin and theme should be rigorously reviewed and screened for security. A separate e-commerce site run by the WordPress core team (or perhaps part of this wordpress.org) should do the same thing for premium themes and plugins. Also, tightening down the default security would help tremendously. It seems that everyone's being hacked (thousands of WordPress sites, Target, Adobe, Yahoo, Chase, etc.) and more security (and less frustration with slow, buggy plugins) would be great. They wouldn't force anyone to be part of the program, but the repute would pressure people to submit there anything to WP core, and make it easier on all of us. Of course, the site itself would have to be absolutely bulletproof.
The plugin and theme repository should demand that every single plugin and theme should be rigorously reviewed and screened for security.
We'd love to. We don't have the manpower. Now, every theme is reviewed when submitted and checked in, but not every plugin.
Core itself is a separate matter, and default security there is pretty darn good :)
Right. Core security SETTINGS could be better, though, and as for the plugins and themes, what if you ran a script that would clean out two-year-old (un-updated) plugins at least? Also, whoever's responsible for WordPress could run an App Store-like premium plugin and theme e-commerce site. Many of us, no doubt, would gladly pay for more peace of mind.
Or what about a certification service?
Since this ideas forum is intended for CORE WP only, not plugins/themes, what do you mean by this?
Core security SETTINGS could be better, though
Out of the box, security is pretty darn tight.
Also certification gets bandied about now and then. The code is such a moving target, it would be unsustainable.
Ok. I just thought that Matt or someone "official" at WP should provide a service like that. I wasn't necessarily asking it to be done at this site. This was probably the wrong place to post this idea. Any suggestions on a better place?
As for core security, it was prob a misunderstanding on my part. I was thinking of denying access to files, limiting unsuccessful logins and so on (all the stuff mentioned in "Hardening WordPress" Codex and related posts). Sorry.
Ah, there isn't anyone 'official' really in that sense, we're all volunteers (even Matt!). Matt donates time and server space, as do a lot of companies. So .. it's weird, yeah :D
We have a bunch of community groups in the make.wordpress.org auspice, but right now we're not at a place where anyone can see certification being sustainable. :/
Well, forget about certification, then. Maybe, as a future feature, Automattic could run an App Store for WP. Just a convenience.
Automattic does that (it's called WordPress.com :) )
Remember Automattic doesn't own WordPress. They pay for the server space on wordpress.org, but again, 100% volunteer. Some of us are compensated by our employers, of course, but we're paid to volunteer.
Eh? WordPress.com seems like it's for WordPress.com and nothing else, unless I'm missing something.
I understand you volunteer. So, it seems, running a for-profit "App Store-like" plugins and themes store would be against the whole "open source" idea? At least that's what I'm figuring from this discussion. Too bad if so. Matt or SOMEBODY connected directly with the WP core should be doing that, even if it's not "officially" connected to WP.