wp_editor: Frontend media upload permission for visitors

  • jase347

    (@bastelheidi)


    1 year, 6 months ago

    Media upload button of

    wp_editor( $content, $editor_id, $settings);

    works and appears for users with upload_files capability only. I need it to display for visitors, too.

    A seperate media upload button would work for visitors (tested),
    but I need the ability to place images inside the content.

    wp_editor is placed within a frontend submission form and visitors can create posts (with pending review).
    Is there anyone who could help?

    • This topic was modified 1 year, 6 months ago by jase347. Reason: word doubled
Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator bcworkz

    (@bcworkz)

    Allowing unvetted users to upload files and place them in post content has significant security implications. Not only does it open up your site to hacking, it also puts your other visitors at risk should they load a malicious post into their browser. Please do not attempt to do this.

    Thread Starter jase347

    (@bastelheidi)

    Thanks @bcworkz
    I’m aware of the risk. It’s been carefully weighted so far to use additional other prevention tools (like wordfence, captcha, no auto-publish to name just a few) and the special need here to upload images without registration on the other hand (at least at this point of interaction with the website).

    I see many frontend post plugins in wordpress’ plugin directory with that capability though generelly known it is not recommended. I guess this applies specially to lack of further protection?
    It may not be representative but at least personally I observed definitely more unwelcome activities still at websites with mandatory registration (even with hidden wp-login.php) in direct comparison with a carefully protected website with visitor submission.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘wp_editor: Frontend media upload permission for visitors’ is closed to new replies.