Imagine you support 20-50 WP (CP) sites and they all use a plugin “Lorem ipsum”. For example, for customizing permalinks. One day someone finds a vulnerability and forces its disabling. Permalinks are broken even without flushing rewrite rules. Late at night (timezones, yep) all of your sites are going down, building mad sitemaps, responding with 404 to indexed links etc. And crawler bots are joyously considering all that. (Keep in mind that some of your clients spend $500-2000 per month on SEO in highly competitive niches, achieving results in tiny steps, spending years to become a leader.) Well, in the early morning your phone suddenly rings 20-50 times. Your clients have some questions about what the heck is going on. They are upset or really angry. And you say: “Oh… Well… I don’t know… Maybe someone disabled some plugins to save us from potential threats…”. Even writing this story makes my fingers tremble. It would be a ******* disaster, I think.
So there is really no choice. Ruining someone’s site to protect them from hypothetical harm is absolutely unacceptable. I’m not sure if it is even acceptable with direct user permission.
The only proper action in that case is notification + quick fix. Throw a message, send email, mark the plugin with a red background, send SMS, shout at my window — whatever. But don’t even think of disabling something on my site. I am responsible for its health (financial risks, reputational risks) and I have to make all related decisions myself depending on the concrete situation and priorities. CP should never perform any actions without a direct user request.
P.S. 99% of vulnerabilities I deal with are not risky and absolutely not urgent. Those threats are rather theoretical. And none of them could break all my sites at once like the offered security measures. I usually have plenty of time to fix a problem in a calm manner or even wait until a security update is released. Honestly speaking, in most cases it’s cheaper to restore backups than to build “absolute” protection against each potential threat. The real troublemakers for small projects are usually not “hackers”, but “protectors”. And the human factor, for sure.
P.S. Personally, I think that if a project really needs a HIGH security level, it should not use WP at all. It should use a custom CMS (no public exploits available, no third-party code etc), secure hosting, cryptography etc. I’d say these sites are often static and have no usual CMS at all (pages are generated in a local environment, one-way channel). So when we talk about “high security” we usually mean average hygienic things, and not paranoid-like situations where each vulnerability is absolutely critical and requires heroic emergency rushes.
In fact there are vulnerabilities on my sites. Plenty of them, always. And it’s ok. Even using my nickname as a login is quite insecure. But all that stuff is theoretical. In practice, a 0,0001% chance of a small trouble is not worth the limitation of freedom to avoid it.