Server info exposed
-
We run a “walled-garden”-style multisite with ~1800 blogs where blog admins are not able to manage files on the server or install plugins. This plugin exposes too much server info at /wp-admin/admin.php?page=newsletter_system_status e.g. server paths, PHP version, SSL version, DB table name, and a list of all plugin versions.
It also exposes logs from other blogs at /wp-admin/admin.php?page=newsletter_system_logs . Thirdly, the “Debug mode” setting re-routes PHP errors for all blogs, and the performance impact will affect other blogs.Is there a way to disable these, or restrict them to network admins (instead of blog admins)?
Thanks!
Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
- The topic ‘Server info exposed’ is closed to new replies.
