Standalone Install/Upgrade/Backup App

  1. Inactive


    I started out posting a short version of this in this thread, but I realized it applies to a lot of these ideas about upgrading, backup, and installing of WordPress, Themes, and such, so I figured I'd post it as a new idea so ti could get votes.

    As you read this, bear in mind that it would require some commitment on the part of the WordPress development team and plugin developers to increment the standard for plugin information and create a standard for upgrade feeds, as well as to standardize the install/upgrade process. Upgrading WordPress is never going to be just a matter of uploading, you need to visit a couple of web pages to get some SQL queries taken care of (initial installing requires entering additional information like your database login etc). The same is true for some plugins, some even require initial and/or upgrade (re)configuration ...

    But lets pretend that we've agreed to that. There will be RSS feeds on wp-plugins.org (or on individual developers sites), and each plugin will specify the URL of it's upgrade feed. The feed will indicate the plugin name, version, and min (and optionally maximum?) WordPress versions (as well as any other requirements, like having other software installed, or needing a Flickr account). The feed will use enclosures to make the updated plugins available for download.

    Now you want to make upgrading and installing easy, so you'd like it in your WordPress admin page, but this is not just difficult, it's potentially a security problem.

    Installing or upgrading requires writing files in your web directory, which means you would need to <b>either</b>:

    1. Provide the upgrade scripts with your FTP/SSH login credentials
    2. Set your directory permissions so they are globally writable

    Both of these are a bad idea. The first option generally requires sending your FTP password in the clear in a forms request. The second option leaves you open to all sorts of trouble if you're on shared-hosting ...

    My proposal is that it might be better to create a rich-client upgrader.

    That is to say: an application that end users could run (could be as simple as perl/python scripts for 'nix users, which could be compiled for Windows users). This app could not only do the initial install for you, but could also check these hypothetical RSS update feeds for the plugins/themes you were using (and/or check a wp-plugins feed for new plugins) and take care of downloading them, unpacking, and uploading them ...

    It could also offer the option to store backups of everything locally, and even to retrieve a backup of your database.

    This way your folders could be left properly secured, and your password would only be sent during the actual login to your server. Essentially we're just talking about an application that can FTP, check RSS feeds, and possibly open a browser for you to finish the configuration ...

    Writing something like this would be a bit of a departure for the core WordPress team, obviously ... but there are plenty of WordPress users who are capable of writing such an app (myself included) if there was support for doing it -- meaning, if the core development team would support it by providing the required update feeds and version/upgrade information.

    Posted: 12 years ago #
  2. Oscar Gonzalez


    This sounds like a fine idea to me, but I think the update feeds from plugins should fall onto the plugin dev's responsibility. WordPress could just publish a list of these feeds that comply to WP standards... and allow (with a disclaimer) for you to add non-compliant feeds as well.

    Posted: 12 years ago #

RSS feed for this topic

Topic Closed

This topic has been closed to new replies.

  • Rating

    85 Votes
  • Status

    This is not a core suggestion