Title: [Plugin: NextGEN Gallery] Security Issues Suggestions
Last modified: August 19, 2016

---

# [Plugin: NextGEN Gallery] Security Issues Suggestions

 *  [Oliver Krautscheid (oliversk)](https://wordpress.org/support/users/soliver/)
 * (@soliver)
 * [15 years, 6 months ago](https://wordpress.org/support/topic/plugin-nextgen-gallery-security-issues-suggestions/)
 * Hi,
 * I love this plugin, however I want to make some suggestions regarding security
   issues and features.
 * **1.** Remove `<meta name='NextGEN' content='1.6.2' />` completely or hackers will
   know the version
 * **2.** Add warnings that folders are still writable.
 * **3.** Allow us to disable and/or remove upload scripts like
    -  upload.php
    -  media-upload.php
    -  addgallery.php
 * I commented out `//require_once (dirname (__FILE__) . '/admin/media-upload.php');`
   in nggallery.php to disable the scripts.
 * **4.** Find a solution to avoid 777 to add galleries. I know that creating subfolders
   requires write permission, but I am sure it is possible to avoid it or make it
   more secure.
 * I am pretty sure that someone can abuse the scripts and gain access quickly when
   folders are still 777, as this happened to me before and a lot of galleries were
   deleted.
 * **5.** Please improve the search function and allow us to search for galleries
   instead of images. I have 50 pages of galleries, how am I supposed to find any
   album and add new images to it?
 * **6.** Please improve the album.php and add checkboxes to add galleries to an
   album. The current album manager is practically not usable with over 20 galleries.
 * I hope you find this helpful to improve the security and usability of the plugin.
   NGGallery is currently the best plugin to add images to a WordPress blog, but
   there are many security issues and usability issues that need to be addressed.
 * Thank you for developing such a great plugin, loving it!
    Best, Oliver

Viewing 3 replies - 1 through 3 (of 3 total)

 *  [Alex Rabe](https://wordpress.org/support/users/alexrabe/)
 * (@alexrabe)
 * [15 years, 6 months ago](https://wordpress.org/support/topic/plugin-nextgen-gallery-security-issues-suggestions/#post-1775277)
 * 1. It’s useful for support, it doesn’t help to avoid hacking
 * 2. Why?
 * 3. Why? Do you also disable the WP Core upload scripts?
 * 4. You don’t need a global write permission, use here the same function like WP Core
 * 5. Search will be improved in the next release and ongoing
 * 6. Yes, a reworked album page is needed, I have this on my ToDo List
 *  Thread Starter [Oliver Krautscheid (oliversk)](https://wordpress.org/support/users/soliver/)
 * (@soliver)
 * [15 years, 6 months ago](https://wordpress.org/support/topic/plugin-nextgen-gallery-security-issues-suggestions/#post-1775432)
 * 1. It’s a security risk and many want to remove it (do a search on this forum).
   They can look into the readme file for version numbers.
 * 2. Some people may not know that this is a security risk and need to be remembered.
   Other plugin authors also do this as a precaution.
 * 3. Yes I disabled the upload scripts because I don’t need them and they can be
   exploited. Others might also want to disable it for security reasons.
 * 4. Well, this depends on your server configuration. A lot of servers that run
   apache as nobody (WHM default configuration) require 777 on the gallery folder.
   A solution is mod_suphp, but if you know a way around this, it surely would improve
   the security of the plugin.
 * 5.+6. Sounds good!
 *  [Alex Rabe](https://wordpress.org/support/users/alexrabe/)
 * (@alexrabe)
 * [15 years, 6 months ago](https://wordpress.org/support/topic/plugin-nextgen-gallery-security-issues-suggestions/#post-1775442)
 * Well, I’m not a security expert and I also didn’t know all ways of hacking, but
   AFAIK I’m using the same upload mechanism / folder check like WordPress Core.
   And I didn’t know about a current exploit. If you know some ways, please be so
   kind and send me an email, I will fix them!
 * To secure your installation by disabling all upload features is another way, and
   you probably know what code you need to change.
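
Points 2 and 4 of the thread concern gallery folders left at mode 777. The shell check below is an added example, not code from NextGEN Gallery or from either poster: it lists world-writable entries under a gallery path and returns non-zero when any exist, so it can drive a cron alert. The function names and the sample tree are constructed for illustration; pass the real gallery path as the first argument.

```shell
#!/bin/sh
# Added example: warn about world-writable (o+w, e.g. 777) entries in a gallery tree.

# Print every directory or regular file under $1 with the "other" write bit set.
list_world_writable() {
    find "$1" \( -type d -o -type f \) -perm -0002 -print
}

# Audit $1: returns 0 if clean, 1 if world-writable entries exist, 2 if $1 is no directory.
audit_gallery() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "ERROR: $dir is not a directory" >&2
        return 2
    fi
    found=$(list_world_writable "$dir")
    if [ -z "$found" ]; then
        echo "OK: no world-writable entries under $dir"
        return 0
    fi
    echo "WARNING: world-writable entries under $dir:"
    # ls -ld shows the mode string (e.g. drwxrwxrwx) and the owner of each hit
    echo "$found" | while IFS= read -r entry; do ls -ld "$entry"; done
    return 1
}

# Constructed sample tree standing in for a gallery folder (not a real install).
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/gallery/holiday" "$root/gallery/portfolio"
    : > "$root/gallery/holiday/img1.jpg"
    chmod 777 "$root/gallery" "$root/gallery/holiday"   # the setup described in the thread
    chmod 755 "$root/gallery/portfolio"
    chmod 644 "$root/gallery/holiday/img1.jpg"
    echo "$root"
}

# Audit the path given as $1, or the sample tree when no argument is passed.
if [ -n "${1:-}" ]; then
    audit_gallery "$1"
else
    sample=$(make_sample_tree)
    audit_gallery "$sample/gallery" || true
    rm -rf "$sample"
fi
```

The owner column in the `ls -ld` output shows which account the web server would need to run as for a tighter mode such as 755 to still allow uploads.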


The topic ‘[Plugin: NextGEN Gallery] Security Issues Suggestions’ is closed to new
replies.


 * 3 replies
 * 2 participants
 * Last reply from: [Alex Rabe](https://wordpress.org/support/users/alexrabe/)
 * Last activity: [15 years, 6 months ago](https://wordpress.org/support/topic/plugin-nextgen-gallery-security-issues-suggestions/#post-1775442)
 * Status: not resolved