This feels like a silly question, but I’ve searched and can’t find an answer. Apologies if it’s staring me in the face.
I have a premium theme (Bricks) that was recently the target of a widescale hack.
A fix was published quickly, and I was largely unaffected by the whole thing.
However, the theme version I have installed in my “favourites” extension is many versions old, and I see no way to keep this updated; so the next time I add a new site and push my favourites to it, I’m pushing a compromised version.
I’m aware I can delete the favourite, and reupload the latest version, but this seems archaic; especially when I might be pushing multiple favourites, in different configurations, to different sites.
Is there any way to keep my favourites up to date?
Feels really shifty to have a constantly ageing group of plugins on my control-site regardless, but the idea that I’m pushing potentially months old plugins to fresh sites feels really negligent.
Thanks for the reply, and for the link to the request.
I’m surprised it only had one vote so far!
I’m aware that the feature request page is now where this conversation should continue, but I’d like to throw a last comment in here, for visibility, and to make an appeal to you directly, in the face of this request with only 2 votes, to put this high up on your to-do list.
The favourites extension is a great idea.
But if it’s getting a lot of use, then I’d wager a large chunk of your userbase are routinely installing compromised plugins and themes onto their child sites through MainWP, and if their workflow doesn’t involve deleting every one of those favourite plugins and reuploading them every single time they spin up a new site, then that’s begging for trouble, and pretty much entirely negates the benefits brought by the favourites extension, assuming webmasters are following best practices by only uploading “safe” plugins as best they can.
@mikeanywhere, if themes have an active license on the child sites, they can easily be updated, so I would recommend that instead of uploading a new version via MainWP.
@josklever for sure, I use MainWP to keep my plugins and themes updated on current sites, but when I spin up a brand new website (or a bunch of them), I’d like to be able to push, say, 5-10 of my favourite plugins/themes to it/them without those being old, potentially compromised files.
I just spun up a new site a couple of days ago, and was about to push a compromised version of the Bricks theme to it. I have no idea if any of the plugins I have in my ‘Favourites’ extension have known exploits that were patched in the time between my adding them to favourites, and pushing them live.
So, as far as I can tell; to maintain security, I have to delete all my favourites, download the latest version of them from each of their respective sites, and reupload them to push them to my child sites. Then, if more than a week/month goes by, I’ll need to do the same thing again to avoid pushing any compromised files to my child sites.
At that point, there’s almost no point in having a large repository of favourites, as they’re potentially unsafe.
I always liked the idea of favourites but I just add plugins to it and use the notes for storing information about the pro plugins. Would never actually add plugins or themes from it to a website as the OP is right, it’s a major security risk. I’m not sure why it was created this way to be honest as outdated themes and plugins have always been a security risk in WordPress.
Maybe I’m missing something obvious here, does anyone else have a practical use case for it?