[Plugin: BFT Autoresponder] Security Alert

  • Resolved Rangga

    (@jurnalkreatif)


    13 years, 4 months ago

    hi guys.. lately i been care alot about Wp security since my blog were been hacked alot of time this month..

    i like bft-autoresponder but websitedefender.com alert me with this note :

    “One or more include files with .inc extension were found on your website. Because files with .inc extension are not processed by PHP, an attacker can read the contents of this files by requesting them dirrectly. The source code of server-side scripts helps an attacker to better understand the logic behind the Web application and may help him conduct further attacks.
    URL : https://xxxxxxxx.com//xxxxxly/wp-content/plugins/bft-autoresponder/bft_hook.inc

    It is recommended to use another extension (maybe .php, or .php.inc) for these files.
    Another option is to create an .htaccess files that will prevent the server from serving these files.
    To do this create an .htaccess file with the following content.

    <Files ~ “\.inc$”>
    Order allow,deny
    Deny from all
    </Files>

    is this plugin realy save or it just some false alarm.
    what should i do?? is it okey if i put those script on my .httacces file?? if yes, will this plugin still work?? because i love this plugin alot..

    thanks in advance for the help

    https://www.ads-software.com/extend/plugins/bft-autoresponder/

Viewing 1 replies (of 1 total)
  • Plugin Author Bob

    (@prasunsen)

    The plugin is safe, the .inc file just contains the email sending function. Even if someone download it, there is nothing they can do with it.

Viewing 1 replies (of 1 total)
  • The topic ‘[Plugin: BFT Autoresponder] Security Alert’ is closed to new replies.