Title: Security Bug
Last modified: September 2, 2016

---

# Security Bug

 *  [Naser Mirzaei](https://wordpress.org/support/users/dll1024/)
 * (@dll1024)
 * [12 years, 6 months ago](https://wordpress.org/support/topic/security-bug-2/)
 * Your Plugin Has a security bug
    Other plugins can use FTP variable and recieve
   ftp password!!! you can use this constants in wp-config.php to do same thing:
 *     ```
       define( 'FTP_USER', 'username' );
       define( 'FTP_PASS', 'password' );
       define( 'FTP_HOST', 'ftp.example.org' );
       ```
   

Viewing 3 replies - 1 through 3 (of 3 total)

 *  Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/)
 * (@jdembowski)
 * Forum Moderator and Brute Squad
 * [12 years, 6 months ago](https://wordpress.org/support/topic/security-bug-2/#post-7806000)
 * I’m not really disagreeing with you but is that really a security bug or even
   a problem with this plugin?
 * FTP (a horrible designed on a napkin protocol) requires that the userid/password
   either be stored somewhere or prompt the user each time. Prompting wouldn’t make
   for a useful plugin.
 * Also if you do use those constants how is that different from a security point
   of view than what this plugin is doing?
 * Lastly, if another plugin is doing malicious things and executing code on your
   WordPress installation then what this plugin does is besides the point. Your 
   installation is aleready compromised. 😉
 *  Plugin Author [Danial Hatami](https://wordpress.org/support/users/boyfa/)
 * (@boyfa)
 * [12 years, 6 months ago](https://wordpress.org/support/topic/security-bug-2/#post-7806006)
 * there is no security bug with this plugin ,
    This plugin does exactly what those
   codes do !!
 *  Thread Starter [Naser Mirzaei](https://wordpress.org/support/users/dll1024/)
 * (@dll1024)
 * [12 years, 6 months ago](https://wordpress.org/support/topic/security-bug-2/#post-7806007)
 * I dont say that this plugin steals ftp info, but it save ftp password in an array
   and it can extract by others
    آره داداشم

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Security Bug’ is closed to new replies.

 * ![](https://s.w.org/plugins/geopattern-icon/ftp-access_ecebe6.svg)
 * [FTP Access](https://wordpress.org/plugins/ftp-access/)
 * [Support Threads](https://wordpress.org/support/plugin/ftp-access/)
 * [Active Topics](https://wordpress.org/support/plugin/ftp-access/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/ftp-access/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/ftp-access/reviews/)

 * 3 replies
 * 3 participants
 * Last reply from: [Naser Mirzaei](https://wordpress.org/support/users/dll1024/)
 * Last activity: [12 years, 6 months ago](https://wordpress.org/support/topic/security-bug-2/#post-7806007)