• Here is a thought: How about a system to move themes and plugins to cold storage when not activated?

    The genericons issue brings up a serious issue with the way plugins and themes are kept in WordPress – they are open and can be directly accessed by any and all. Since Twentyfifteen is in the default package, that theme (and all its files) generally exist on every WordPress install, even if it’s not in use. The automated update system will reinstall it if you remove the theme.

    For many (if not most) WordPress installs, the default themes are not in use. Unless careful, pretty much every WordPress install I have seen has any number of themes and plugins not activated and just sitting around, getting stale.

    Anyway, my proposal would be to come up with a way to take an inactive theme, and either move it to a cold storage (i.e., not accessible to the public) or to neutralize it (make it unable to execute), perhaps by tacking a .cold or .stor on the end of every file in the theme. When you want to activate it, the process is reversed.

    The same should happen for plugins, which would render the code inoperative and inaccessible.

    As a final touch, a compatibility and security check before unfreezing stuff would be good as well. Keeping people from turning on a theme with a known security issue or a plugin that is seriously out of date or incompatible would be a real plus.

    As a side note, I also think that WordPress needs to have a truly DEFAULT theme that is the very basics of a theme only, with no extra bells and whistles. Literally the absolute minimum possible to render pages, with nothing else at all. No icons, no sliders, no extra anything. Just a very basic theme that can render a page into text. Right now, the “defaults” are a bit too complex for their own good.

  • I think it would be possible to make use of a few action hooks to dynamically add/remove rules to .htaccess files in each theme/plugin folder to block access when the plugin is inactive. Interesting idea. I’ll look into it a bit.

  • The topic ‘Lockout Mechanism for unused themes and plugins’ is closed to new replies.
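
The .htaccess approach suggested in the reply, sketched as a small plugin. This is an added example, not code from either poster or from WordPress itself; the `icl_*` names and the marker string are hypothetical, and it assumes a single-site install on Apache 2.4 with `AllowOverride` enabled for `wp-content`.

```php
<?php
// Added sketch, not code from the thread. All icl_* names are hypothetical.
const ICL_MARKER = '# icl-lockout: folder belongs to an inactive theme/plugin';

// Drop a deny-all .htaccess into $dir (assumes Apache 2.4 and AllowOverride).
function icl_lock( $dir ) {
    $file = trailingslashit( $dir ) . '.htaccess';
    if ( ! is_dir( $dir ) || file_exists( $file ) ) {
        return; // never overwrite an .htaccess the author shipped
    }
    file_put_contents( $file, ICL_MARKER . "\nRequire all denied\n" );
}

// Remove the file again, but only if it carries our marker.
function icl_unlock( $dir ) {
    $file = trailingslashit( $dir ) . '.htaccess';
    if ( is_file( $file ) && 0 === strpos( (string) file_get_contents( $file ), ICL_MARKER ) ) {
        unlink( $file );
    }
}

// "example-plugin/example-plugin.php" -> plugin folder; single-file plugins have none.
function icl_plugin_dir( $plugin ) {
    $sub = dirname( $plugin );
    return '.' === $sub ? '' : WP_PLUGIN_DIR . '/' . $sub;
}

add_action( 'deactivated_plugin', function ( $plugin ) {
    if ( $dir = icl_plugin_dir( $plugin ) ) {
        icl_lock( $dir );
    }
} );
add_action( 'activated_plugin', function ( $plugin ) {
    if ( $dir = icl_plugin_dir( $plugin ) ) {
        icl_unlock( $dir );
    }
} );

// Themes: keep the active theme and its parent reachable, lock every other one.
add_action( 'switch_theme', function () {
    $keep = array( get_stylesheet(), get_template() );
    foreach ( wp_get_themes() as $slug => $theme ) {
        $dir = $theme->get_stylesheet_directory();
        if ( in_array( $slug, $keep, true ) ) {
            icl_unlock( $dir );
        } else {
            icl_lock( $dir );
        }
    }
} );
```

Theme and plugin updates replace the whole folder, lock file included, so a real implementation would also re-apply the locks after upgrades (for example on `upgrader_process_complete`).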