Most of us are used to installing plugins directly from the WordPress.org plugin repository. This is the “official” list of available add-ins, and everything hosted there is guaranteed to be GPL.
But occasionally developers will list beta releases and non-GPL plugins on their own sites. To install these, you have to download a ZIP file, then either upload it to WordPress through the plugin installer or via FTP. For the unaware, it can be a complicated process because there’s no one-click setup.
So what would be the potential benefits and drawbacks of enabling one-click plugin installation from any site?
I’m thinking something along this process:
- You go to a site hosting a cool plugin.
- You enter your blog’s address (
http://mycoolwordpressblog.com
) in a box somewhere. - An oAuth-type box pops up asking you to log in to your blog.
- Once you’re authenticated, the plugin is added to your site automatically and you’re given the option to activate it.
I suggest oAuth so that you only log in to your site (I don’t want to give my admin credentials to someone I don’t know), but there might be other ways to do it. Remotely uploading the plugin could likely happen using WordPress’ built-in XML-RPC system since it already allows you to upload files.
Ideas? Comments? Feedback?
Also look into this tool – http://markjaquith.wordpress.com/2010/07/24/plugin-installer-tool/
I think this would bring up some major security issues, look at all the malware you find in “free theme” mills.