Navigation
Archive / Did X change the way theme plugins are installed?
This is archived content. Visit our new forum.

Tagged: 

  • Author
    Posts
  • April 16, 2016 at 3:23 pm #886075
    herko
    Participant

    I’ve set my development server to be strict on what gets rights to install anything. So I install any and all plugins via SSH, and I need to enter my account info every time I update anything through WordPress’ regular update process. This way I have installed several plugins through X’s add-on interface, that was using WordPress’ standard install routines.
    But that has changed. Now X seems to handle the install by itself. It assumes it has rights to the plugins folder (making the server vulnerable), and does not fall back anymore on WordPress’ standard install code, that enables me to connect to the server via SSH.

    Is this a WP4.5 change, or an X 4.2.2 change?

    April 17, 2016 at 10:06 am #886814
    Rupok
    Member

    Hi there,

    Thanks for writing in! That’s already mentioned on our Changelog (X Theme 4.4.0 – Notes) :

    The streamlined onboarding process begins even before you see the new admin interface by installing Cornerstone automatically for you. As Cornerstone is a required plugin when using X, we have found that sometimes users will encounter issues by forgetting to install Cornerstone after activating X, which can lead to visual problems when downloading demo content, setting up pages, et cetera. We have been able to eliminate this step completely so that when you now activate X under the new system, Cornerstone is automatically installed and ready to go. Hooray for automation!

    Hope this helps.

    Cheers!

    April 18, 2016 at 4:35 am #887883
    herko
    Participant

    Hi Rupok,

    So, let me get this right. Because Cornerstone *needs* to be installed, you bypass the default WordPress plugin install routines entirely for any and all addons?

    I have a dev site that has Cornerstone installed and working fine. Now I want to install the Slider Revolution addon. But instead of WordPress’ default plugin install page, where I get to select (S)FTP or SSH as the preferred upload options, enter my credentials and have Wordpess’ default routines install the plugin for me _without compromising the security of my site and server by giving the system full write access to my plugins folder_, I get an error message stating that the plugins folder is not writable. Yes, that is what I set it up for.

    I know I can upload the plugin via SSH or SFTP myself, activate it and be done. But that is not the issue here. The issue is that there’s perfectly useful, safe, tested and maintained default install routines in the wordpress core, that you have circumvented because of … yay for automation?

    April 18, 2016 at 6:43 am #888071
    Paul R
    Moderator

    Hi,

    Please note that the extensions can only be installed if your site is validated.
    Everything is still the same and in accordance with wordpress standards. We just need to check first that you are validate.

    Hope that makes sense.

    April 18, 2016 at 8:42 am #888269
    herko
    Participant
    This reply has been marked as private.
    April 18, 2016 at 4:24 pm #888964
    Darshana
    Moderator

    Hi there,

    Your issue is related to your server configuration. I have seen few other members having this issue. Please refer to the following post for more information (https://community.theme.co/forums/topic/unable-to-install-extensions-3/page/2/#post-871800).

    Let us know if that helps in your situation.
    Thanks!

    April 19, 2016 at 1:40 am #889385
    herko
    Participant

    Hi Darshana,

    I understand that with the number of forum posts and requests for support you have to deal with, a cursory read of each post and a quick reply is the first course of action.

    Thing is, the three (!) replies that I have gotten (from three different themeco ppl), all seem to ignore what I’m writing and just go for the first thing they recognize.

    NO: this isn’t a server configuration issue. I have configures the server so the plugins folder isn’t writable by the system by default. That makes the whole site and server safe, because even if someone gains access to the site, they cannot install anything on the server that isn’t already there.
    And this isn’t a problem for WordPress, despite what you seem to believe. As I have demonstrated in my attachments, WordPress Core’s default way of handling uploads when the folder isn’t writable, is to present a screen with upload options, with FTP, SFTP and SSH. For all these, you need to input your credentials (which I do have). This works perfectly fine and is safe and secure.

    So here’s my question (again): why can’t I select the preferred upload method (offered by WordPress Core when uploading a new plugin) when adding an extension/addon in X-theme’s add-on management page?

    I hope this time it is more clear…

    Herko

    April 19, 2016 at 7:27 am #889895
    Jack
    Keymaster

    Hi there Herko,

    Thanks for writing in! And for the additional clarification.

    The new install process, bypasses the standard WordPress plugin install/add method (the standard screens you see when say uploading a ZIP or when adding a plugin via plugins > add new, from WordPress.org).

    Our new method, downloads the plugin from our servers and then installs (but doesn’t activate) it, on your site. Though as you’ve seen this process requires write permissions.

    Currently the only way around it would be to download the full package from your Themeforest account and unzip the extensions in the full package and transfer them via FTP or upload the zip. For the sort of setup you have, the automatic installation won’t work.

    I’ll add a note, so we can take a look at this and see if it’s something we’ll be able to support in the future.

    Thank you!

  • Author
    Posts
  • <script> jQuery(function($){ $("#no-reply-886075 .bbp-template-notice, .bbp-no-topic .bbp-template-notice").removeClass('bbp-template-notice'); }); </script>