Can Plugins update themselves

  • Hi Guys. I am trying to figure out if WordPress Plugins can update themselves without my permission, i.e. if they can change their own files without asking me. I thought all Plugins were updated by me.

    I had the https version of my site break tonight after what appears to have been the updating of the files of a security plugin – without my consent. If remote updating by a plugin dev is allowed, my initial reaction would be this is a pretty obvious security risk that needs to be closed. It would mean any reputable or maybe non reputable dev could insert malicious code into a plugin that originally seemed legit.

    Probably over-reacting a bit but to lose https functionality because of a security plugin, outside of being ironic, right now seems very expensive and frustrating. Might be completely wrong of course, I guess we’ll find out when I get my site back.

Viewing 3 replies - 1 through 3 (of 3 total)

  • Maybe post a question in the Support Forum for that plugin and see what response you get…and I do not hesitate in dumping a plugin that causes trouble and/or does not have good support when needed. Like you have said, “…expensive and frustrating.”

    Thread Starter electrode

    (@electrode)

    Yes I posted a thread already. It doesn’t seem like the plugin is the problem according to my web host. I am curious how the plugin files were updated, didn’t think plugins could do that.

    They can’t – unless (I imagine) you’d previously singed up for some sort of 3rd party updating system. I’d be extremely suspicious of any plugin that did anything like this without permission. Where did you download this plugin from? Are you sure that the plugin is the culprit rather than a symptom of a general site or server breach?

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Can Plugins update themselves’ is closed to new replies.