Given that some WordPress plugins contain considerable security vulnerabilities, we are currently considering blacklisting a few of the most dangerous plugins. We would like to do this on a server level (CentOS 6 x64, WHM). What would be an efficient way to identify blacklisted plugins? We do not like the idea of searching for plugin directory names as users could easily rename the plugin folders. Instead one possible way would be to go through each of the CentOS user directories, search for wp-config.php files, extract database login information, connect to the related mysql database and look into the option that contains all active plugins.

However, even as a CRON job, iterating through all directories searching for the wp-config.php files and then connecting to the MySQL databases sounds extremely resource intensive. We wonder if there is a more efficient way to simply block the installation of certain WordPress plugins for all cPanel/CentOS users?

Read more here: Block installation of specific plugins on a server level (CentOS 6 x64)


Solution:

If you know the solution of this issue, please leave us a reply in Comment section, to update the question.


Wordpress related questions and answers: