WordPress.org

Ideas

Plugins and Theme Repository Thorough Bug, Update and Security Review

  1. Web Maker
    Member

    WordPress should have a more thorough system of testing and making sure that plugins and themes work, are up to date (no plugins over a year old, say) and are bulletproof secure. The plugin and theme repository should demand that every single plugin and theme should be rigorously reviewed and screened for security. A separate e-commerce site run by the WordPress core team (or perhaps part of this wordpress.org) should do the same thing for premium themes and plugins. Also, tightening down the default security would help tremendously. It seems that everyone's being hacked (thousands of WordPress sites, Target, Adobe, Yahoo, Chase, etc.) and more security (and less frustration with slow, buggy plugins) would be great. They wouldn't force anyone to be part of the program, but the repute would pressure people to submit there anything to WP core, and make it easier on all of us. Of course, the site itself would have to be absolutely bulletproof.

    Posted: 1 year ago #
  2. Ipstenu (Mika Epstein)
    Administrator

    "The plugin and theme repository should demand that every single plugin and theme should be rigorously reviewed and screened for security."

    We'd love to. We don't have the manpower. Now, every theme is reviewed when submitted and checked in, but not every plugin.

    Core itself is a separate matter, and default security there is pretty darn good :)

    Posted: 1 year ago #
  3. Web Maker
    Member

    Right. Core security SETTINGS could be better, though, and as for the plugins and themes, what if you ran a script that would clean out two-year-old (un-updated) plugins at least? Also, whoever's responsible for WordPress could run an App Store-like premium plugin and theme e-commerce site. Many of us, no doubt, would gladly pay for more peace of mind.

    Posted: 1 year ago #
  4. Web Maker
    Member

    Or what about a certification service?

    Posted: 1 year ago #
  5. Ipstenu (Mika Epstein)
    Administrator

    Since this ideas forum is intended for CORE WP only, not plugins/themes, what do you mean by this?

    "Core security SETTINGS could be better, though"

    Out of the box, security is pretty darn tight.

    Also certification gets bandied about now and then. The code is such a moving target, it would be unsustainable.

    Posted: 1 year ago #
  6. Web Maker
    Member

    Ok. I just thought that Matt or someone "official" at WP should provide a service like that. I wasn't necessarily asking it to be done at this site. This was probably the wrong place to post this idea. Any suggestions on a better place?
    As for core security, it was prob a misunderstanding on my part. I was thinking of denying access to files, limiting unsuccessful logins and so on (all the stuff mentioned in "Hardening WordPress" Codex and related posts). Sorry.

    Posted: 1 year ago #
  7. Ipstenu (Mika Epstein)
    Administrator

    Ah, there isn't anyone 'official' really in that sense, we're all volunteers (even Matt!). Matt donates time and server space, as do a lot of companies. So .. it's weird, yeah :D

    We have a bunch of community groups in the make.wordpress.org auspice, but right now we're not at a place where anyone can see certification being sustainable. :/

    Posted: 1 year ago #
  8. Web Maker
    Member

    Well, forget about certification, then. Maybe, as a future feature, Automattic could run an App Store for WP. Just a convenience.

    Posted: 1 year ago #
  9. Ipstenu (Mika Epstein)
    Administrator

    Automattic does that (it's called WordPress.com :) )

    Remember Automattic doesn't own WordPress. They pay for the server space on wordpress.org, but again, 100% volunteer. Some of us are compensated by our employers, of course, but we're paid to volunteer.

    Posted: 1 year ago #
  10. Web Maker
    Member

    Eh? WordPress.com seems like it's for WordPress.com and nothing else, unless I'm missing something.
    I understand you volunteer. So, it seems, running a for-profit "App Store-like" plugins and themes store would be against the whole "open source" idea? At least that's what I'm figuring from this discussion. Too bad if so. Matt or SOMEBODY connected directly with the WP core should be doing that, even if it's not "officially" connected to WP.

    Posted: 1 year ago #

  • Status

    This is not a core suggestion