Stopping people installing BWPS

  • Resolved lovingboth

    (@lovingboth)


    10 years, 12 months ago

    I am sure that this plugin is wonderful if you know what you are doing.

    I am also now completely certain that if you do not, it is not something you should be allowed anywhere near. Two people I have set up sites for have installed it and ended up with unusable messes.

    If I create a wp-content/plugins/better-wp-security directory and make it unreadable and unwritable, will that stop it from being installed?

    If it won’t – perhaps because WordPress would go ‘Oh, there’s a clash, I’ll install it somewhere else…’ – is there any way of doing so…

    … apart from stopping them having admin rights (not acceptable) or showing them the invoices the first two got (perhaps a bit too frightening!)

    http://wordpress.org/extend/plugins/better-wp-security/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter lovingboth

    (@lovingboth)

    10 years, 11 months ago

    Having tested this, it does work 🙂

    Downloading install package from http://downloads.wordpress.org/plugin/better-wp-security.3.4.10.zip…

    Unpacking the package…

    Installing the plugin…

    Could not copy file. /xxxx/xxxx/xxxx/test/wp-content/plugins/better-wp-security/screenshot-2.png

    Plugin install failed.

    Return to Plugin Installer

    Right, the instructions to set up that directory are going straight into my setup script.

    Handoko

    (@handoko-zhang)

    10 years, 10 months ago

    I’m sorry to hear that this plugin causes you troubles.

    I agree with your saying: that this plugin should be installed only if the user know what he/she is doing.

    Often we hear, users get problems because of this plugin, but actually it is not this plugin’s fault. Perhaps it needs to show more warnings when user try to enable any of the feature.

    Anyway, good trick. Perhaps you can consider to write them into a plugin.

    Thread Starter lovingboth

    (@lovingboth)

    10 years, 10 months ago

    It is particularly problematic if you set up sites for other people. Almost the first thing it wants to do is prevent user #1 – you – from doing anything.

    My install script does this, and I think putting it into a plugin would be too much work, in writing and testing it, and in me remembering to install it each time. It also means they can’t uninstall a ‘stop BWPS’ plugin and install BWPS either 🙂

    FWIW, a similar trick stops people installing WordFence for similar reasons.

    Handoko

    (@handoko-zhang)

    10 years, 10 months ago

    The problem is there are too many plugins that can cause trouble is not configured properly. You may need to consider to disable the user ability for installing any plugin.

    I use User Role Editor plugin to limit the user ability from doing anything that may harmful to the webiste.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Stopping people installing BWPS’ is closed to new replies.