Title: [Plugin: Code Snippets] Plugin uses eval() – security concern Last modified: August 20, 2016 --- # [Plugin: Code Snippets] Plugin uses eval() – security concern * [WebEndev](https://wordpress.org/support/users/munman/) * (@munman) * [13 years, 9 months ago](https://wordpress.org/support/topic/plugin-code-snippets-plugin-uses-eval-security-concern/) * Hi Shea, * I noticed that the plugin uses eval(), and while my skills in PHP wouldn’t be classified as ‘expert’, from what I understand this is a security concern. * The plugin stores the snippets as text data directly in the database, and then executes them from there. While this is probably great from a performance standpoint, it opens the door to security risks, and also if you would happen to get a bad snippet, it could shut down your site (of course you could FTP into the site and remove/rename the plugin to fix it). * I do love the way the snippets are stored and organized in the WP admin. But maybe there is a better way doing this? * Thanks * [http://wordpress.org/extend/plugins/code-snippets/](http://wordpress.org/extend/plugins/code-snippets/) Viewing 2 replies - 1 through 2 (of 2 total) * Plugin Author [Shea Bunge](https://wordpress.org/support/users/bungeshea/) * (@bungeshea) * [13 years, 9 months ago](https://wordpress.org/support/topic/plugin-code-snippets-plugin-uses-eval-security-concern/#post-3012242) * Perhaps… * If you have a better way to store and execute snippets, let me know. I will also have a think about it. * There is a way to stop snippets from executing, while keeping the Code Snippets plugin active (so you can go in and deactivate the faulty snippet); [read more here](http://cs.bungeshea.tk/docs/safe-mode/). * To do this, add the line `define('CS_SAFE_MODE', true);` to your `wp-config. php` file. * Plugin Author [Shea Bunge](https://wordpress.org/support/users/bungeshea/) * (@bungeshea) * [13 years, 5 months ago](https://wordpress.org/support/topic/plugin-code-snippets-plugin-uses-eval-security-concern/#post-3012375) * > Please discard the above post * Perhaps… * If you have a better way to store and execute snippets, let me know. I will also have a think about it. * There is a way to stop snippets from executing, while keeping the Code Snippets plugin active (so you can go in and deactivate the faulty snippet); [read more here](http://code-snippets.bungeshea.com/docs/safe-mode/). * To do this, add the line `define('CODE_SNIPPETS_SAFE_MODE', true);` to your ` wp-config.php` file. Viewing 2 replies - 1 through 2 (of 2 total) The topic ‘[Plugin: Code Snippets] Plugin uses eval() – security concern’ is closed to new replies. * ![](https://ps.w.org/code-snippets/assets/icon.svg?rev=2148878) * [Code Snippets](https://wordpress.org/plugins/code-snippets/) * [Frequently Asked Questions](https://wordpress.org/plugins/code-snippets/#faq) * [Support Threads](https://wordpress.org/support/plugin/code-snippets/) * [Active Topics](https://wordpress.org/support/plugin/code-snippets/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/code-snippets/unresolved/) * [Reviews](https://wordpress.org/support/plugin/code-snippets/reviews/) ## Tags * [eval](https://wordpress.org/support/topic-tag/eval/) * 2 replies * 2 participants * Last reply from: [Shea Bunge](https://wordpress.org/support/users/bungeshea/) * Last activity: [13 years, 5 months ago](https://wordpress.org/support/topic/plugin-code-snippets-plugin-uses-eval-security-concern/#post-3012375) * Status: not a support question