• Resolved Nathan Ingram

    (@nathaningram)


    Hi Jose! This is a very interesting plugin. How does this work exactly? Where do the links to the previous versions come from? Thanks!

  • Thread Starter Nathan Ingram

    (@nathaningram)

    Upon further investigation, I see that you’re actually saving the older versions of premium plugins in new folders in the /uploads/plugin directory.

    This is concerning for 2 reasons:

    1. Over time, this will consume a lot of disk space and there’s no way to delete these without going in manually

    2. (The BIG Concern) When plugins are updated for security issues, you’re leaving a copy of the vulnerable code on the site in these vestigial folders.

    Am I understanding this correctly?

    Plugin Author Jose

    (@giuse)

    Hi @nathaningram

    Thank you for your thread.

    Here are my answers:

    1) If you delete this plugin, all the copies will be automatically removed. In a future version, you will also have the possibility to delete them from the page of plugins.
    The disk space is not a problem at all, because the plugins usually are a lot smaller than the images you have in the media library. The biggest problem could be the maximum number of files if the limit provided by your server is too low and you have a lot of plugins. But also in this last case, if the plugin saves up to 3 versions, you should not have problems. This is why you have up to 3 copies and not more.
    2) The folder of the old copies has a title including an encrypted key and it’s practically impossible to guess it. The hacker would have to guess the key to exploit the old copies. On the front end, you have no traces of this plugin. So, the hacker would have to guess you have this plugin and guess the encrypted key.

    Saving on the server is the only way to make this plugin work with premium and custom plugins.

    Have a great day

    Jose

    Thread Starter Nathan Ingram

    (@nathaningram)

    Thanks Jose! This is a very clever approach to rolling back premium plugins.

    I like the idea that it only saves 3 versions of plugins. I’m still a bit concerned about the security implications of potential vulnerabilities. But I agree with you that it would be very difficult to access the older version folders.

    Thanks again for your work here. Really interesting!

    Plugin Author Jose

    (@giuse)

    Many thanks to you @nathaningram

    About security. Let’s do an example. Imagine the plugin saves an old version of All In One WP Migration. The folder will be something that looks like
    pr-a3c0ed79-7.55-ver-all-in-one-wp-migration
    To access any file inside that folder the hacker needs to guess a3c0ed79.
    That key is an md5 of a timestamp. It’s not possible to guess it.
    For example, the main file will have a path that looks like
    [main-path]/wp-content/plugins/pr-a3c0ed79-7.55-ver-all-in-one-wp-migration/all-in-one-wp-migration.php. If you don’t know a3c0ed79 you can’t guess the path of any file. And in no installation can you see the content of the folder [main-path]/wp-content/plugins/. You would have to purposely delete the index.php file that WordPress automatically installs in the plugins folder. It would have to be a user with FTP privileges who wants to do something against the security.
    The next version will also have a feature that makes sure that file is not deleted by the user, and recreates it if absent.

    I already thought about security; this is why the folders include an encrypted key. Accessing the old version folders is similar to guessing a difficult administrator password.
    Of course, if you have a website you have something that can be exploited, but I can say this plugin doesn’t add more vulnerabilities than you usually have with a WordPress site without this plugin.
    I can even say that it’s more probable a hacker exploits the current plugins, rather than the saved copies, because the saved copies have an encrypted title, while the current copies have a known title.
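An administrator who shares Nathan's two concerns (disk growth and vulnerable old code left on the site) can inventory the saved copies themselves. The script below is an added illustration, not part of the plugin or of either reply: it parses folder names of the form described above (`pr-<8 hex chars>-<version>-ver-<slug>`), counts copies per plugin, flags copies older than a chosen age, and checks that the `index.php` guard is still present in the plugins folder. The sample tree it builds is constructed for the demonstration; the only real folder name in it is the one quoted in the thread.

```python
import os
import re
import tempfile
import time

# Folder naming scheme described in the thread: pr-<8 hex chars>-<version>-ver-<plugin-slug>
COPY_RE = re.compile(r"^pr-(?P<key>[0-9a-f]{8})-(?P<version>\d[\w.]*)-ver-(?P<slug>[a-z0-9-]+)$")

def parse_copy_dir(name):
    """Return (slug, version, key) for a saved-copy folder name, else None."""
    m = COPY_RE.match(name)
    return (m["slug"], m["version"], m["key"]) if m else None

def audit_plugins_dir(plugins_dir, max_copies=3, max_age_days=90, now=None):
    """Inventory saved copies under wp-content/plugins and list what an admin should act on:
    a missing index.php (directory-listing guard), more than max_copies copies of one
    plugin, and copies older than max_age_days (old code may carry already-fixed bugs)."""
    now = time.time() if now is None else now
    copies = {}
    for name in sorted(os.listdir(plugins_dir)):
        path = os.path.join(plugins_dir, name)
        parsed = parse_copy_dir(name)
        if parsed and os.path.isdir(path):
            slug, version, key = parsed
            age_days = (now - os.path.getmtime(path)) / 86400
            copies.setdefault(slug, []).append(
                {"dir": name, "version": version, "key": key, "age_days": age_days})
    findings = []
    if not os.path.isfile(os.path.join(plugins_dir, "index.php")):
        findings.append("index.php missing from plugins folder: directory listing may be possible")
    for slug, items in copies.items():
        if len(items) > max_copies:
            findings.append(f"{slug}: {len(items)} saved copies (limit {max_copies})")
        for it in items:
            if it["age_days"] > max_age_days:
                findings.append(f"{slug}: {it['dir']} is {it['age_days']:.0f} days old; "
                                "review or delete this old copy")
    return {"copies": copies, "findings": findings}

def build_sample_tree(now):
    """Constructed sample wp-content/plugins tree for the demo (not a real site).
    Keys other than a3c0ed79 are made up; index.php is deliberately left out."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "all-in-one-wp-migration"))  # the live plugin
    for name, age in [("pr-a3c0ed79-7.55-ver-all-in-one-wp-migration", 200),
                      ("pr-0123abcd-7.60-ver-all-in-one-wp-migration", 10),
                      ("pr-deadbeef-1.2.3-ver-some-premium-plugin", 5)]:
        path = os.path.join(root, name)
        os.mkdir(path)
        os.utime(path, (now - age * 86400, now - age * 86400))  # fake the copy's age
    return root

if __name__ == "__main__":
    for line in audit_plugins_dir(build_sample_tree(time.time()))["findings"]:
        print(line)
```

Point `audit_plugins_dir` at a real `wp-content/plugins` directory to get the same report for a live site.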
