• Hello Thom,

    Once again, thank you very much for this awesome plugin! It’s by far the best Files Manager plugin for WordPress.

    However, we’ve noticed that .php files can be uploaded by default.

    Maybe it would be safer to deactivate such uploads in the first place and add an option to allow those files to be uploaded, or just add it by default to the restricted file types, so any user can enable it again.

    I’m writing this because we had a server hacked that way. It’s no big deal, as we’re recovering from any issues, and it’s because our uploader shortcode is public. But I think it can be a safe point to check and can be very useful for community sites that might allow uploads from any user.

    Please, let me know if you need more details.

    Best regards,

    2F (François)

    • This topic was modified 9 years, 6 months ago by Alkaweb.

The topic ‘Restricting .PHP upload’ is closed to new replies.
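
The "restricted file types" check requested above could look like the following. This is an added example, not code from the plugin or from the post's author; the function name `upload_name_is_blocked`, the constant `BLOCKED_EXTENSIONS` and the extension list are assumptions made for illustration.

```php
<?php
// Added example (not the plugin's code): deny-list check for upload filenames.
// BLOCKED_EXTENSIONS and upload_name_is_blocked() are hypothetical names.

// Constructed list of extensions that PHP-enabled server setups may execute
// or that change server behaviour for the upload directory.
const BLOCKED_EXTENSIONS = ['php', 'php3', 'php4', 'php5', 'php7',
                            'phtml', 'phar', 'phps', 'pht', 'htaccess'];

function upload_name_is_blocked(string $filename): bool
{
    // Strip NUL bytes and any path component, then normalise case.
    $name = strtolower(basename(str_replace("\0", '', $filename)));

    // Trailing dots and spaces are dropped by Windows file systems,
    // so "notes.php." would be stored as "notes.php".
    $name = rtrim($name, '. ');

    // Inspect every dot-separated segment after the base name, not only the
    // last one: "avatar.php.jpg" can still reach the PHP handler on servers
    // that map handlers by any extension in the name.
    $segments = explode('.', $name);
    if ($segments[0] !== '') {
        array_shift($segments);   // drop the base name; keep all for ".htaccess"
    }

    foreach ($segments as $segment) {
        if (in_array($segment, BLOCKED_EXTENSIONS, true)) {
            return true;
        }
    }
    return false;
}

// Constructed sample filenames.
$samples = ['report.pdf', 'shell.PHP', 'avatar.php.jpg',
            'x.phtml', 'notes.php.', '.htaccess'];
foreach ($samples as $sample) {
    printf("%-16s %s\n", $sample, upload_name_is_blocked($sample) ? 'reject' : 'accept');
}
```

A deny-list like this only covers the extensions it names; an allow-list of the file types a site actually expects is the stricter form of the same check.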