Is "evonapluginconfig" folder from this plugin?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Erikvona

    (@erikvona)

    Yes.

    To be honest, the separate plugin config folder could’ve been avoided. I made it because it allows for managing of the config files (if the plugin gets deleted, you can choose to keep or delete the config files, for now it always deletes them. If I put them in my plugin folder, WordPress doesn’t allow for preserving config files when a plugin gets deleted).

    In the future I might make an update to move all the config options to the database. For now I haven’t done this yet because on my web server there is a minimal increase in page load time if I do.

    As far as I know, storing my config files in a separate folder doesn’t really have a disadvantage over storing them in the same folder, except that the plugin has to remove the files and folder upon deletion, which mine does, and there are no security risks in it. I don’t really see why your security plugin marks this as an issue. Obviously, if I was allowing for PHP code to be written in my config files, it might be a different case, and maybe the security plugin can’t differentiate.

    Thread Starter WayneM1

    (@waynem1)

    Thanks for your reply. All that makes sense and seems reasonable.

    Here’s why the security plugin marked the folder as suspicious:

    A hidden or empty plugin folder is a plugin the exists in your /plugins/ folder, but is not displayed on the WordPress Plugins page. A hidden plugin can be used as a hacker backdoor to gain access to your WP Dashboard, hosting account, create user accounts, completely control your website and hosting account, etc.

    I’m satisfied that the folder your plugin created is fine.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Is "evonapluginconfig" folder from this plugin?’ is closed to new replies.