Block installation of specific plugins on a server level (CentOS 6 x64)

Easy and only way, don’t let users install their own plugins.

All software have security issues, therefor all plugins are insecure in one way or another, therefor it is pointless to talk about general “security”, security should be discussed in context, and a plugin having a permission escalation bug is unsafe to use in multi user enviroment, but perfectly ok in a single user setting.

If you want to control the safety of plugins used by your users, the only way is to inspect them yourself (or pay some security service), set them as installed plugins for all sites and let the site owner just activate them while denying the ability to install new ones.

Related Posts:

  1. Secure WordPress paid plugin
  2. Overriding single plugin translation
  3. What are some examples of well-written plugins that exemplify wordpress plugin best practices? [closed]
  4. Adding Image in readme.txt file of wordpress plugin
  5. Saving Plugin settings to the database
  6. Plugin uninstall: why run dbDelta after $wpdb->query($drop_sql)
  7. $wpdb->get_results() does not fetch results with unicode ‘WHERE’ clause
  8. How can I call plugin function from a custom template?
  9. plugin suggestion for barcode
  10. Adding with javascript to admin bar. Works in Chrome/Safari, not Firefox
  11. What plugins are in use on wordpress.com [closed]
  12. WordPress plugin installation
  13. Get image URL from media library in input
  14. What is the best way to move a plugin´s subdirectory+files to wp-content/uploads-directory?
  15. WordPress custom URL Rewrites redirecting not masking
  16. How could I execute my plugin just in frontend (not in backend)
  17. Multiple Instances sharing the same database in a development environment
  18. Can I upgrade plugins via FTP?
  19. get_option compatible with wordpress network (multisite)?
  20. Create a plugin with Calendar picker
  21. I’m trying to update user meta but is always 1, What I doing wrong? [closed]
  22. Are these wp-content permissions safe?
  23. Disable all scripts and styles from NextGEN Gallery? [closed]
  24. Detect permalinks when passing querystring in REST API requests
  25. Getting value from Advanced Custom Fields [closed]
  26. Layout Plugin Admin Pages: Use BootStrap? [closed]
  27. Using WP Category Lists Plugin to Dynamically Display Category (PHP)
  28. Adding sections in the ‘Pages’ post type
  29. AJAX in plugin wp_send_json() sending html
  30. How do I network enable a plugin for a multisite install via the database?
  31. WP_Error with multiple form validation message
  32. Updated 4.3 Getting Error: Warning: call_user_func_array() expects parameter 1 to
  33. Ordering taxonomies by rank
  34. Embed plugin into Custom Page Template
  35. My homemade plugin is trying to update to someone else’s plugin
  36. Retrieving links and names of images from a NextGEN gallery [closed]
  37. Plugin development: what to prefix?
  38. Submit Form data to another page via Ajax (WordPress Way)
  39. Getting taxonomy images to display on single-post with their terms
  40. Where to populate custom terms in custom taxonomy in plugin?
  41. Is changing post from category in a large blog a good practice?
  42. Contact Form 7 – Show image on successful send? [closed]
  43. Send email to multiple addresses on Contact Form 7, but exclude personal details on all but one
  44. Display site language setting in source code
  45. simple-job-board Plugin throws an error on live server [closed]
  46. Do I need a backup plugin if I’m already backing up via cPanel?
  47. oAuth2 Authentication in WordPress using WP OAuth Server and WP API plugins
  48. WP::is_main_query() Not Working
  49. post_content is empty
  50. Widget where it can make changes to the container
  51. WordPress – “tag page” additional, custom content
  52. Making a Contact Form 7 calendar entry “required” [closed]
  53. W3 Total Cache plugin chronic message
  54. How to prevent plugin, theme installation failures on WordPress?
  55. How to add a PW Gift Card to a Woocommerce Order request API?
  56. Get all image in media Gallery with alt/title?
  57. WP Function does not trigger on Webhook API Call
  58. In a plugin, How to update a json file using ajax
  59. how to add custom culomn to add user wordpress in plugin
  60. How to add specific script to WordPress webpage that will working with user input and databases
  61. Displaying different content depending on variable
  62. Found wp_deregister_script WARNING in redux framework plugin
  63. After reading 3 story by user ask for subscription popup
  64. Pay Employee via WordPress
  65. Fatal error: Uncaught Error: Call to undefined function
  66. How to echo a PHP Code After the Content
  67. Display information from metabox
  68. Share on social media created listing after submission
  69. Ajax call fails and returns [object Object]
  70. Create Biographies
  71. How to link file or image from wordpress plugin dir to theme by using themes function.php, is it possible?
  72. Direct URL to a template via plugin
  73. Which One Is Better For Managing Add Ons For Extensible Plugin?
  74. WP REST API Access-Control-Allow-Origin response is cached
  75. How to `remove_action` from plugin
  76. How to add php stylesheet to admin section instead of admin_head hook
  77. How to tell which Plugin is displaying?
  78. functions.php conditional output for a single plugin
  79. Wp Pagenavi how to display all results
  80. Posts are deleted everyday at night
  81. Get Core Functionality from Within a (Secondary) Plugin File
  82. Single dash converted to double dash
  83. How to provide access to specific plugin to all the user roles except subscriber in wordpress
  84. Output pure JSON wordpress
  85. WordPress plugin add_filter returning a link does not work. What is the correct way?
  86. How to create separate shop pages in woocommerce for each product category [closed]
  87. fatal erro in one line if statment in wordpress plugin [Solved]
  88. Add different sizes packaging boxes to orders plugin
  89. Can’t use updated variables in handle function
  90. Change email notification language based on the site language in WPForms
  91. Relationship field only loads items to administrator
  92. Is it possible to create post in wordpress using postman?
  93. How does one add numbers to an admin menu?
  94. Frontend Enqueued Files in the Backend
  95. Looking for an “animated hero” widget or tech on a WP site
  96. Remove posts that start with similar words (like a delete duplicate posts plugin)
  97. _sold_individually value change when add to cart
  98. How to verify/test that a custom built wordpress theme is as secure as possible?
  99. How is wp_admin_notice supposed to work?
  100. Draft standard post by ACF Data picker