Support » Plugin: BulletProof Security » remote plugin update

  • Resolved gdeschep


    I notice that the .htaccess file is automatically updated whenever the BPS plugin gets updated.

    But when using a remote management tool such as ManageWP or Infinite WP for updating plugins, I notice that the auto .htaccess update of BPS is only triggered after I manually log in to each WP site.

    Obviously I’m using a remote management tool to ease the plugin management of multiple sites, so having to log in manually to each site whenever a BPS update was performed is something I would like to avoid.

    Would it be possible to automatically perform the .htaccess update of BPS right after the plugin gets updated without having to log in first?

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author AITpro


    The automatic update checks that you are a logged in Admin to the site with permissions to perform the automatic update, checks the BPS version number and then performs the automatic update.

    The idea you are proposing could be very simply done with a WordPress Cron. This would have to be an option setting because folks should have a choice about turning this On or Off.

    I don’t see anything in the WordPress Plugin Guidelines that says you cannot do/not allowed to do something like this so I will add this as an option in the next version release.

    WordPress Plugin Guidelines:

    That sounds great!

    Or maybe another possible solution might be to trigger the automatic check from a plugin activation hook?


    Plugin Author AITpro


    Actually it would be much simpler to create the Cron due to the way/how/where the code is currently fired from. Or yeah I could just duplicate/fire the current code/function and have it executed under the activation function, but since creating a WP Cron is so simple to create/add and the WordPress Settings API is so quick and simple to use/setup/add then actually creating a Cron Option is the much simpler route to go.

    More importantly I feel that this should be an Option that someone can choose to use or not so having this done automatically under the activation function will cause headaches for me – guaranteed. 😉

    Most folks have CGI configured Servers, but for the 1% of folks that have DSO configured Servers they need to see the BPS Alerts that the autoupdate did not complete since these folks need to do manual file permission and/or ownership changes.

    Ok, that’s indeed a logical explanation.
    A cronjob it will be then 🙂

    BTW, something went wrong with the url reference to the plugin activation hook I wanted to add in my previous post, but it doesn’t matter anymore.

    Plugin Author AITpro


    Marking this as resolved. This new feature will be added in BPS .48.1.

    Plugin Author AITpro


    Well as it turns out adding something like this is not really doable without putting the site at serious risk.

    The auto-updating of the .htaccess files can ONLY be triggered by a logged in administrator to the site since file writing is occurring so when I played around with allowing the updating to occur with a non-administrator account you can imagine all the fun ways I discovered that you can destroy the site by simply just registering and logging in as a Subscriber.

    The same dilemma occurs with putting the trigger under the activation hook. Unfortunately, this is just not safely doable. Sorry about that. 😉

    That’s a pity, but I understand the security concerns.
    Anyway, thanks for your time to investigate this!
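
The gate AITpro describes (logged-in administrator, then version check, then the file write), as an added example that is not part of the thread and is not BulletProof Security's code. The `myplugin_` function names, the version constant, the option key and the marker name are hypothetical; the WordPress functions called are core APIs.

```php
<?php
// Added illustration; not BulletProof Security's code. The "myplugin_" names,
// the version constant and the option key are hypothetical.
define( 'MYPLUGIN_VERSION', '1.2.0' );

/**
 * Rewrite the plugin's block in the root .htaccess after an upgrade,
 * but only on a request made by a logged-in administrator.
 */
function myplugin_maybe_update_htaccess() {
    // Gate 1: an authenticated user with an admin-level capability.
    // admin_init also fires for admin-ajax.php requests from any logged-in
    // user, including a Subscriber, so the hook alone is not an authorization
    // check. Under WP-Cron no user is logged in and this returns early.
    if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
        return;
    }

    // Gate 2: only act when the stored version is behind the installed one.
    $stored = get_option( 'myplugin_htaccess_version', '0' );
    if ( version_compare( $stored, MYPLUGIN_VERSION, '>=' ) ) {
        return;
    }

    require_once ABSPATH . 'wp-admin/includes/file.php'; // get_home_path()
    require_once ABSPATH . 'wp-admin/includes/misc.php'; // insert_with_markers()

    $htaccess = get_home_path() . '.htaccess';
    $rules    = array( '# rules for version ' . MYPLUGIN_VERSION ); // placeholder content

    // insert_with_markers() returns false when the file cannot be written.
    if ( ! insert_with_markers( $htaccess, 'MyPlugin', $rules ) ) {
        add_action( 'admin_notices', 'myplugin_htaccess_failed_notice' );
        return; // stored version stays behind, so the next admin visit retries
    }
    update_option( 'myplugin_htaccess_version', MYPLUGIN_VERSION );
}
add_action( 'admin_init', 'myplugin_maybe_update_htaccess' );

// Surface the failure to the administrator instead of failing silently.
function myplugin_htaccess_failed_notice() {
    echo '<div class="notice notice-error"><p>';
    echo esc_html__( '.htaccess could not be updated automatically; check file permissions and ownership.', 'myplugin' );
    echo '</p></div>';
}
```

Removing the first gate to let a cron event or an activation hook reach the write is the change the thread rejects: the file write would then run on requests that no administrator made.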

  • The topic ‘remote plugin update’ is closed to new replies.