antivirus
Scan active plugins
I think we shouldn't just limit this functionality to the active theme.
Any objections about such a feature? I'm sure it will require some work to achieve this. Maybe it's not even easily possible, e.g. because there could be many false positives with some plugins.
+1 for the general idea. Regarding false positives etc.: I can’t help but see a potential boost in support requests. Regardless of whether we could indicate that scanning plugins is “experimental”, I see a good chance we’d soon have plugin authors hammering our doors because of users hammering theirs due to existing or non-existing problems detected by AntiVirus.
This is not to say I’m against further testing the idea, I like it! Let’s just also think of possible implications within the ecosystem.
Yep, that's what I was thinking about too. If this works out, we could do something like this in the beginning:
- Disabled by default, perhaps only even activatable through a constant
- Mark as highly experimental
- Limit to specific popular plugins we've tested this heavily with, like Jetpack, Akismet, Yoast SEO, etc.
But first, ~~let me take a selfie~~ let's see if we could get this to work.
:camera: :wink:
Other areas that may be worth considering for a scan:
- wp-config.php
- mu-plugins
Additionally, we could tell the user something like "Hey, we detected you have 6 inactive plugins. Better delete them!"
See also: https://wordpress.org/plugins/plugin-security-scanner/