Feature suggestion : periodical email notification/reminder of security updates

Thanks for the input, Esmi and Ipstenu, I submitted it to the suggested email adress.

I submitted the idea but never got any reply, and apparently it fell to the pits. And 8 months passed in the blink of an eye.

That’s too bad, in this way the WordPress architecture is contributing to making the internet less secure, allowing deprecated plugins, with known security issues allowing malicious code execution, to stay activated on online blogs while the blog owners don’t even know there’s a problem with the plugins ??

Hello Sabinou,

I just stumbled over this thread and totally agree with you.
I had the same idea last year and created a plugin to address that exact problem, which I believe will help a lot of people to keep the sites they are responsible for up-to-date without needing to login to each site and check for updates manually.

We have a dedicated team looking for publicly disclosed vulnerabilities in dozens of different sources around the web, process and store this information. From within the plugin you can subscribe to a professional feed that will alert you per e-mail about vulnerabilities that affect your website. If you subscribe with the same user on multiple sites, you would only get one e-mail for each vulnerability but stating exactly which of your sites are affected by this vulnerability.

The plugin (MVIS Security Center) is in the beta phase now, so the subscription is free for 3 months.
We are also working on improving the e-mail notification settings to include status e-mails about plugins that have updates available in addition to informing users about vulnerabilities in WordPress, the plugins or themes. Please feel free to post features you would like to see in the support forum of the plugin itself and I will make sure that they get included.

Of course it would also be helpful to not have the plugin page disappear but have an informative page explaining why the plugin is currently disabled. Even further, maybe exposing this through the WordPress update checks to give users information if a plugin was disabled because of security vulnerabilities, similar to if an update is available for a plugin or not.

Secconsult, if I may give an advice regarding your nice plugin (I have no problems with it being a commercial plugin, I love free software, I like open source software, but I am not a free software fundamentalist), you also ought to monitor if the wordpress repository pages of the installed plugins inside a blog, to check if one of these pages suddenly disappears. If such a page disappears, that means there has been a serious reason to doubt the plugin’s reliability…

As for the rest, it’s all about hoping to catch the attention of influential worpdress community members and re-launch the debate :-/

Good point Sabinou, I’ll take a look at it and see if this can be detected reliably and how this feature can be incorporated.

Let’s cross our fingers in the meantime that this debate will be relaunched, with a better outcome ??