I’m somewhat new to the Bedrock setup and I was reading the following on Bedrock’s homepage:
“By default, Bedrock disables the ability for plugins and themes to be added, removed, or modified on non-development environments.”
Does this measure exist mainly to prevent that environments installed plugins and themes get out of sync, or is it also a security measure as there is simply no way to install a plugin? I was wondering for instance if this also prevents any installation of files if a website would be entered by brute force.
Thanks for the reply! The 12 factor app methodology sounds very interesting to read, which I will dive into.
Security is not my main concern perse, but when reading about potential risks within the WP ecosystem the brute force entrance is something that pops up often. I thought that perhaps disallowing to alter / update plugins and themes code could help reduce this risk as nothing can be installed on production environments.