I found a huge security issue with WordPress

  • dmbware

    (@dmbware)


    15 years ago

    If you are a developer and are hosting a WP blog in such a manner /blog, WP admin users can load in FTP and get full access to the entire root directory. If you leasing a system this could be a huge problem for you as a developer. I am trying to figure out a way to either deactivate the plug in function in WP, or stop these plug-ins, FTP from gaining ftp access.

    Any Ideas ?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator cubecolour

    (@numeeja)

    A somewhat unnecessarily alarmist thread title I think. The security issue has more to do with with your process rather than with WordPress. If you are giving people admin access to a WP installation where you have different customers’ installations in the same hosting account, I would expect it to behave like this. I would not consider it a problem with WordPress at all.

    You could use a plugin such as capability manager and grant the rights people actually need. Make a new role called manager or something for them with just the rights they actually need.

    MichaelH

    (@michaelh)

    Since you started another topic, let’s keep the discussion there:

    https://www.ads-software.com/support/topic/376883

    Otherwise read FAQ_Security.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘I found a huge security issue with WordPress’ is closed to new replies.