PlugSeal gives administrators granular control over what each active plugin is allowed to do, inspired by Android app permissions and Flatseal for Flatpak. Each active plugin is listed in the settings page. For each plugin, administrators can allow or deny individual permissions with immediate effect. All permissions are allowed by default, so no existing functionality is broken until an administrator explicitly restricts it.<\/p>\n\n
Permissions covered:<\/strong><\/p>\n\n Honest limitations:<\/strong><\/p>\n\n This plugin intercepts official WordPress APIs by identifying the calling plugin via the PHP call stack. It cannot intercept calls made by WordPress core on behalf of a plugin \u2014 for example, when WordPress processes a settings form via Specific limitations:<\/p>\n\n No. Multisite is not supported in this version.<\/p><\/dd>\n Data is preserved by default. To delete all data on uninstall, enable the option in the settings page before deleting the plugin.<\/p><\/dd>\n Yes, if a plugin makes direct database connections or filesystem calls without using WordPress APIs, or if WordPress core processes actions on its behalf. These are known limitations documented above.<\/p><\/dd>\n\n<\/dl>\n\n\n\n
db:read<\/code> \/ db:write<\/code> \u2014 database queries via $wpdb<\/li>\ndb:read:users<\/code> \/ db:write:users<\/code> \u2014 read and write access to user data (also covers wp_delete_user and wp_update_user)<\/li>\nhttp:outbound<\/code> \u2014 outbound HTTP requests via the WordPress HTTP API<\/li>\noptions:read<\/code> \/ options:write<\/code> \u2014 WordPress options via get_option \/ update_option (see limitations)<\/li>\nemail:send<\/code> \u2014 sending email via wp_mail()<\/li>\ncron:write<\/code> \u2014 scheduling events via wp_schedule_event()<\/li>\ntransients:write<\/code> \u2014 writing transients via set_transient()<\/li>\nusers:create<\/code> \u2014 creating users via wp_create_user() (updates and deletes are covered by db:write:users)<\/li>\nrest:register<\/code> \u2014 registering REST API endpoints via register_rest_route()<\/li>\nshortcode:register<\/code> \u2014 registering shortcodes via add_shortcode()<\/li>\nrewrite:register<\/code> \u2014 registering rewrite rules via add_rewrite_rule()<\/li>\nadmin:menu<\/code> \u2014 adding entries to the admin menu and submenus<\/li>\ndashboard:widget<\/code> \u2014 adding dashboard widgets via wp_add_dashboard_widget()<\/li>\nhooks:frontend<\/code> \u2014 hooking into frontend hooks (wp_head, wp_footer, the_content, wp_enqueue_scripts...)<\/li>\nhooks:admin<\/code> \u2014 hooking into admin hooks (admin_head, admin_notices, admin_enqueue_scripts...)<\/li>\nhooks:auth<\/code> \u2014 hooking into authentication hooks (wp_login, wp_logout, user_register, authenticate...)<\/li>\nhooks:content<\/code> \u2014 hooking into content hooks (save_post, delete_post, pre_get_posts, wp_handle_upload...)<\/li>\nhooks:lifecycle<\/code> \u2014 hooking into plugin and theme lifecycle hooks (activated_plugin, deactivated_plugin, switch_theme...)<\/li>\n<\/ul>\n\noptions.php<\/code>, the call stack contains core files rather than the plugin files.<\/p>\n\n\n
options:read<\/code> \/ options:write<\/code> \u2014 work when a plugin calls these APIs directly from its own code (hooks, AJAX, cron). Do not block standard WordPress settings forms processed by options.php<\/code>.<\/li>\nfile_get_contents<\/code>, fopen<\/code>, etc.) is not intercepted.<\/li>\nmysqli<\/code> connections, eval()<\/code>, and raw PHP file functions bypass all interceptors.<\/li>\nwp_update_user()<\/code> and wp_delete_user()<\/code> are covered by db:write:users<\/code> since they write directly to the users table.<\/li>\nadmin_init<\/code> is intentionally excluded from hooks:admin<\/code> as it is too critical to block safely.<\/li>\n<\/ul>\n\n\n\n
plugseal<\/code> folder to \/wp-content\/plugins\/<\/code>.<\/li>\n\n
Does this work with Multisite?<\/h3><\/dt>\n
What happens to my data if I uninstall the plugin?<\/h3><\/dt>\n
Can a plugin bypass this system?<\/h3><\/dt>\n
0.1.0 - 2025-04-25<\/h4>\n\n
\n