Vote 0

At the mercy of WordPress Plugins; how to fight back

Angsuman Chakraborty

May 11th, 2005

You are literally at the mercy of plugin authors. Be sure to treat them nice

When a WordPress plugin misbehaves you should turn it off. But the page to execute the plugin manager is also invisible thanks to the errant plugin. So finally you have no other way but to fire up phpMyAdmin.

BTW: Have you ever seen the bright red button on the top right of the phpmyadmin screen, after selecting a database, which says Drop? Don't click it, specially if you have javascript disabled. You have been warned!

After some investigation you will discover that the plugins are stored in the table wp_options as a long string (in option_value column) where option_name is 'active_plugins'. The string looks more undecipherable then hieroglyphics. Do not attempt to modify it! It will almost certainly break. This is a dead end.

There is a saving grace if you have an ftp/ssh account. Just go to wp-content/plugins directory and delete the errant plugin code.

BTW: It didn't work for me (and may not for you when you need it most) this time because in a strange way WordPress had overwritten the contents of one plugin file with another. Luckily I had a backup WordPress instance running. All in all 30 minutes downtime yesterday.

The bottomline is that you should regularly backup your WordPress installation.

Pages: 1 2

Filed under CMS Software, Headline News, How To, Open Source Software, PHP, Pro Blogging, Web, WordPress | Comment on this Article 10 Comments | Email this Article

CMS Software News

Pro Blogging News

For "WordPress Users Only" Section Started

July 12th, 2005 I have started a page dedicated to WordPress users only. Here you will find links to latest WordPress plugins, news, information, tips, how-to and guidelines.

Is there a need to upgrade beyond WordPress 1.5.1.2 in near future?

June 20th, 2005 I looked at the proposed feature set summary for WordPress 1.6. Mostly UI changes, few extra plugin hooks etc.

Free WordPress Plugin To Remove Generator Meta Tag / Version Information From WordPress Blogs

June 30th, 2008 WordPress, in recent versions, have forces the display of WordPress as the generator in meta tags along with the version information in the header of your WordPress blogs -. Unlike previous versions there is not easy way to remove it.

What Happened To Nuclear Moose?

July 19th, 2006 Nuclear Moose' website is suspended. His popular domain wp-plugins.org has expired and has been taken over by domain squatter's selling cheap airfare and insurance quotes.

WordPress 2.0 - The Horror Story and How to Downgrade

December 30th, 2005 I have been hearing horror stories across the board with WordPress 2.0 release. The wordpress forum is filled with wide ranging issues.

How To Use AdRotator Within Your WordPress Post / Page

November 17th, 2006 AdRotator Overview WordPress plugin AdRotator enables you to display an advertisement (which is randomly selected from a group of advertisements specified in a text file) at your chosen location anywhere in your WordPress blog (other free WordPress plugins we provide). Adding ad code is trvial.

WordPress 2.2 Release Fixes

May 14th, 2007 WordPress 2.2 is about to be released. Currently the release candidate 2 has the following features: PHP 5.2.2 fixes: WP importer now works in PHP 5.2.2 Workaround for PHP 5.2.2 bug that breaks XMLRPC Fixed fatal error in cache.php by flushing output buffers during shutdown.

WordPress Source Code Cross Reference w/ Commenting for Plugin / Theme / Code Developers

May 15th, 2006 We are doing extensive work with WordPress, developing plugins, themes and also modifying the code base where necessary. In the process I found it necessary to create a online cross-reference of WordPress source along with capability to annotate / comment (AJAX based) as necessary.

Top 10 Facebook WordPress Plugin

September 1st, 2009 Bloggers are increasingly using self-hosted WordPress as their platform for voicing their thoughts. Well, it's not just because WordPress is free, but there are some cool WordPress plugins that help bloggers to plug themselves to any popular site.

Command Execution Vulnerability in WordPress Affecting all Versions

August 13th, 2005 A command execution vulnerability has been found in WordPress's handling of incoming cookie information which allows remote attackers to cause the program to execute arbitrary code if the PHP settings of register_globals has been set to On. Already a perl and php exploit is available.

Simplest Way To Backup WordPress From Browser

June 8th, 2008 Traditionally WordPress is backed up by backing the database and the files separately, if required. WordPress 2.5.1 introduces a much simpler way to backup the database in xml format on your desktop.

Free WordPress Plugin To Disable wlw_manifest & EditURI Link From WordPress Blog Header

June 29th, 2008 Newer versions of WordPress (2.3.1 and above) adds two extra lines to your blog header. They are: You need them to use Windows Live Writer to write to your WordPress blog.

WordPress 2.3 Beta 1 Released...

August 30th, 2007 WordPress team has released version 2.3 after 3 months of "feverish" work. It is obviously targeted for the adventurous and savvy to test and provide feedback for the final release.

WordPress Plugin to Make your Blog Temporarily Unavailable for Maintenance

June 16th, 2005 Overview This Plugin allows you to make your blog temporarily unavailable to your users (with custom message). It is still accessible by the administrators.

How To Use XDForum in WordPress Blogs With Nice Permalinks

October 30th, 2006 XDForum (example: Anaconda Forum) is a nice basic forum software which works seamlessly with WordPress blogs (download our free theme and plugins). Unfortunately it works out-of-the-box with default permalinks only.

Thomas Says:
May 11th, 2005 at 1:58 pm

Nice Article..

I like your wordpress articles. You seem to be quite knowledgeable on the inner and outer workings of this baby. Keep up the good work.

I can see your Wordpress Feed updates in my klipfolio reader (www.klipfolio.com)

As far as plugins, so far no major problems.. the only thing I worry about is if I put too many of them in my blog that there will be incompatibilities amongst them. In addition, I fear that when I upgrade to next wordpress version, if I have too many plugins it will screw me over… But so far everything is smooth.

Regards,
tom

Thomas Says:
May 11th, 2005 at 2:00 pm

Forgot to say, in case you want added publicity for your blog, consider adding yourself to the klip folio database. It is a good way to get added exposure:

http://www.serence.com/provider.php

angsuman Says:
May 11th, 2005 at 6:46 pm

@Thomas I registered as a provider. It is just so much complicated to create a klip. And then they do not explain clearly upfront, what in the hell is a klip!

It looks over-engineered at first glance. I might give it a try again later.

yk Says:
May 12th, 2005 at 7:41 am

Well said. No doubt someone experienced would be able to fix misbehaving plugins it does screws the non-geeks over.

How then would you propose a solution that offers security and fail-safety together with the existing simple ease of implementation? I’m really interested to find out.

angsuman Says:
May 12th, 2005 at 12:57 pm

In Java World we could allow the plugins to be executed in a limited rights environment or sandbox. So the plugins from unknown source cannot do anything nasty.

Secondly even if a plugin fails the site should continue. Again in Java world we achieve this by catching the execptions generated by the plugin, logging them, and move on to execute other plugins. The page should still display, albeit with reduced functionality.

This is in essence what we need for plugins. In php world it is much harder to achieve. So the fallback option is to have a public reveiew system of plugins and use only the ones with good reviews.

Secondly we should always test the plugins in a test enironment before deployment.

Personally I prefer to look in the plugin code also to ensure something strange isn’t going on.

Christopher Thompson Says:
May 13th, 2005 at 8:43 am

“In php world it is much harder to achieve.”

It actually is not hard to achieve, it just is of little interest in this application. I doubt that the Wordpress developers target audience are grumpy Java developers who can’t figure out the PHP error settings. Either log them or set them to print please.

angsuman Says:
May 14th, 2005 at 5:33 am

@Christopher I think you misunderstood the comments. It is about running plugins in a secure sandbox, which is much harder to do in php then in Java. I wasn’t talking about error settings.

Denis de Bernardy Says:
May 16th, 2005 at 10:49 pm

I think the plugin system, while very powerful, is fundamentally flawed. I find that calling apply_filters on a field is rather irritating. I would _much_ rather apply_filters to a post, because sometimes, you simply need to filter a field differently based on the surrounding data. And this would make the plugins work better outside the loop.

Btw: Which plugin we should stay away from?

angsuman Says:
May 16th, 2005 at 11:34 pm

@Denis de Bernardy
I agree.

My plugin problems was with a rss aggregator plugin. In all fairness I had some settings wrong. However the way it bailed on me, bringing down the whole site made me realize the mine field we are sitting on

Plugins are like Business Rules. One flawed business rule cannot bring down a BR engine. Similarly one errant plugin shouldn’t be able to bring down the site.

Simple solutions for complex problems.

At the mercy of WordPress Plugins; how to fight back

CMS Software News

Pro Blogging News

Topics (map)

Taragana Network

Blog Stats

Translate

Poll

Latest Tweets

Open Source Software

WordPress

Latest Friend Feeds

Pro Blogging

Open Source Software