JSONP by hook libraries, and security clarification

  • Resolved pineapplepalm

    (@pineapplepalm)


    1 month, 2 weeks ago

    Hi

    1. JSONP is still used within your hooks libraries. We actually want to disable JSONP for security reasons, and would like to know if this would affect how your plugin works or will it fallback and still function well?
    2. Can you suggest any way to prevent any new snippets being created, ideally from wp-config, unless the a directive is toggled to “true” ? Use case, we’re disallowing file edits and any updates or installs from wpconfig for security reasons. However using this really useful plugin is actually a direct pipeline to bedlam if we’re ever compromised. So I wanted to know if there is a way to make it impossible to make additional snippets or edit existing ones (essentially null edits and creation) unless we explicitly want to. If not seems my only option is to enqueue muplugins.

    Appreciate feedback in advance

Viewing 1 replies (of 1 total)
  • Plugin Support markomiljanovic

    (@markomiljanovic)

    1 month, 1 week ago

    Hi @pineapplepalm,

    WPCode does not use JSONP. If you see rest_jsonp_enabled when searching the codebase, that’s simply a WordPress hook name included in our Hooks Generator list (a label used in a dropdown), not something WPCode depends on at runtime. Disabling JSONP on your site will not affect WPCode.

    WPCode does not currently include a built-in option (similar to DISALLOW_FILE_MODS) to lock snippet creation and editing across the board. This can be achieved with custom code, so please contact us and we’ll help you set it up: https://wpcode.com/contact.

    Thanks,

Viewing 1 replies (of 1 total)

You must be logged in to reply to this topic.