Title: [Plugin: My FTP] security patch – restrict navigation to wordpress folder
Last modified: August 20, 2016

---

# [Plugin: My FTP] security patch – restrict navigation to wordpress folder

 *  Resolved [nexus5](https://wordpress.org/support/users/nexus5/)
 * (@nexus5)
 * [14 years, 11 months ago](https://wordpress.org/support/topic/plugin-my-ftp-security-patch-restrict-navigation-to-wordpress-folder/)
 * MyFTP is a high security risk because it allow navigation through the whole webserver.
   Here is a security patch to restrict navigation to the wordpress folder:
 *     ```
       @@ -154,6 +154,13 @@
   
          $pDir = pathinfo($dir);
          $parentDir = $pDir["dirname"];
       +  /* nexus5 security patch */
       +  function startsWith($haystack, $needle)
       +  {
       +    return strpos($haystack, $needle) === 0;
       +  }
       +  if (!startsWith($parentDir, get_home_path())) $parentDir = get_home_path();
       +  /* nexus5 security patch */ 
   
        ?>
          <div id="subForm">
       ```
   
 * [http://wordpress.org/extend/plugins/myftp/](http://wordpress.org/extend/plugins/myftp/)

Viewing 2 replies - 1 through 2 (of 2 total)

 *  [Ken Dirschl](https://wordpress.org/support/users/badfun/)
 * (@badfun)
 * [14 years, 9 months ago](https://wordpress.org/support/topic/plugin-my-ftp-security-patch-restrict-navigation-to-wordpress-folder/#post-2193354)
 * thanks for this nexus5. This is a great quick fix.
 *  [Ken Dirschl](https://wordpress.org/support/users/badfun/)
 * (@badfun)
 * [14 years, 9 months ago](https://wordpress.org/support/topic/plugin-my-ftp-security-patch-restrict-navigation-to-wordpress-folder/#post-2193355)
 * another hack is to remove the ‘up one level’ link, since there is already a ‘
   back one level’ link. Not elegant, but another fix.
 * line 185
 * `<li><a href='" . $_SERVER["PHP_SELF"] . "?page=MyFtp&dir=$parentDir'>Up One 
   Level</a></li>&nbsp;&nbsp;&nbsp;`

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘[Plugin: My FTP] security patch – restrict navigation to wordpress folder’
is closed to new replies.

 * ![](https://s.w.org/plugins/geopattern-icon/myftp.svg)
 * [My FTP](https://wordpress.org/plugins/myftp/)
 * [Support Threads](https://wordpress.org/support/plugin/myftp/)
 * [Active Topics](https://wordpress.org/support/plugin/myftp/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/myftp/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/myftp/reviews/)

 * 2 replies
 * 2 participants
 * Last reply from: [Ken Dirschl](https://wordpress.org/support/users/badfun/)
 * Last activity: [14 years, 9 months ago](https://wordpress.org/support/topic/plugin-my-ftp-security-patch-restrict-navigation-to-wordpress-folder/#post-2193355)
 * Status: resolved