Security

  • Resolved edouardcoleman

    (@edouardcoleman)


    9 years, 5 months ago

    Hello!

    This is a general question, not just about your plugin. I dont know anything about hacking but as you know there is a problem of security when you make WordPress allow SVG.

    So I wonder: if I make my own SVGs with Illustrator, is it 100% secure? Or is there still a risk after that?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Benbodhi

    (@benbodhi)

    9 years, 5 months ago

    Hi,

    Obviously if you make your own SVG, it will be fine… the issue is that SVG files are actually XML, so as soon as you allow uploads of these files, a user on your site could potentially upload malicious XML script masked as an SVG file.

    My plugin gives you the option of only allowing admins to upload SVG which helps so other roles can’t even upload them, but you need to trust your admins!

    I hope this helps.

    There is a lot of info about this if you do a quick search for “SVG WordPress Security” or something like that to learn more details, but that’s the core of it.

    Thanks for using my plugin 🙂

    Thread Starter edouardcoleman

    (@edouardcoleman)

    9 years, 5 months ago

    Perfect answer, thanks a lot!

    Plugin Author Benbodhi

    (@benbodhi)

    9 years, 5 months ago

    No problem!
    Thanks for your support.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Security’ is closed to new replies.

Tags