I thought about it and came to the conclusion that allowing unregistered guests to post (without media upload) is as far as you should go. By allowing unregistered users to upload media (or any other file) you open the door to various problems – with malicious code the worst of them. It’s a case of simplicity vs security. And I think it’s a wise move to put more weight on security. Imagine your site becomes very popular – and we all want popular websites, right? – with just a few hundred posts a day. Are you really prepared to inspect all those posts and attachments in detail? This is what you have to do if you open up to guests completely.
Now, if you have users that have to contribute something valuable to your site do you really think that it’s a big annoyance for them to register once and login afterwards?
You might be an experienced WordPress user and web admin who knows how to solve the problems created by a plugin which is way too open. But do you think this applies to all the users that downloaded this plugin so far? I believe the majority of users expect any plugin to be secure. If I open up to guest uploads this plugin by itself won’t be secure anymore. If someone less experienced uses it and disaster strikes he or she will ultimately blame the plugin. Not good.
Maybe there is a way to allow this kind of media uploads and still be on the safe side? I have no idea yet. Any suggestions?
