• Resolved elr3000

    (@elr3000)


    We’ve been using this plugin for years and it’s just excellent, and perfect for our needs.

    We have made a very minor customization: we upload our own playhover.png file, one which matches the branding of our site. The original file is the image of a YouTube-style play icon that appears when you hover over a video.

    Every time the plugin is updated, our custom playhover.png file is replaced with the default, so we have to reupload it every time the plugin is updated, which is fine really, and only a minor inconvenience.

    However, we have noticed that if you right-click the image file on the page and select “Open image in new tab”, or “Copy image address”, the location of the file is shown as “/wp-content/plugins/youtube-embed-plus-pro/images/playhover.png”.

    This exposes the name of the plugin used to any bad guys who might want to be bad, so we consider it to be a security issue. Yes we know there are other ways bad guys could get this information, but this makes it really easy for them.

    So I would like to request the following: provide an option that allows users to select a custom image for their play icons from their WP media gallery.

    This would solve two problems; 1. the exposure of the plugin’s name in the URL, and 2. admins would not need to reupload their custom playhover.png file after every update.

    It’s probably true that most admins would not even be bothered about the security thing I mentioned, but I think they would appreciate the option of being able to easily select a play icon that matches their company/website branding rather than YouTube’s branding.

    Thank you for your time and have an awesome weekend.

    • This topic was modified 3 years, 11 months ago by elr3000.
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author embedplus

    (@embedplus)

    To start, thanks for the compliments; but this is not a security issue. These unique plugin paths are actually a requirement for ww.wp.xz.cn plugins. If your goal really was to try and obfuscate such paths (i.e. from anyone that simply does a browser “view source”), you can try searching around for that as a separate solution given it would have to be something smart enough to somehow obfuscate paths for all plugins, themes, and perhaps even WordPress known directories…

  • Plugin Author embedplus

    (@embedplus)

    Regarding the hover, it sounds like you just want something to match your theme. You should be able to do that on your own with some CSS added to your theme that would survive plugin upgrades.


The topic ‘Security issue/suggestion’ is closed to new replies.
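
The point made in the first reply, that hiding one asset path does not hide the plugin, can be checked on your own page source. The following is an added example, not code from the thread or from the plugin: it lists every plugin and theme slug a page exposes and where it appears. Only the playhover.png path comes from the thread; the other file names, the theme name and the uploads path are constructed placeholders.

```python
import re
from collections import defaultdict
from html.parser import HTMLParser

# Matches /wp-content/plugins/<slug>/ and /wp-content/themes/<slug>/ inside any URL.
WP_PATH = re.compile(r"/wp-content/(plugins|themes)/([A-Za-z0-9._-]+)/")
URL_ATTRS = ("src", "href", "srcset", "data-src", "style")

class AssetPathAudit(HTMLParser):
    """Records each place in a page where a plugin or theme directory is named."""

    def __init__(self):
        super().__init__()
        self.found = defaultdict(set)  # (kind, slug) -> places it appears
        self._in_style = False

    def _scan(self, text, where):
        for kind, slug in WP_PATH.findall(text or ""):
            self.found[(kind, slug)].add(where)

    def handle_starttag(self, tag, attrs):
        if tag == "style":
            self._in_style = True
        for name, value in attrs:
            if name in URL_ATTRS:
                self._scan(value, f"<{tag} {name}>")

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:  # url(...) references inside inline stylesheets
            self._scan(data, "<style> block")

def audit(html):
    """Return {(kind, slug): sorted list of places} for one page's HTML."""
    parser = AssetPathAudit()
    parser.feed(html)
    parser.close()
    return {key: sorted(places) for key, places in parser.found.items()}

# Constructed sample page; file names other than playhover.png are hypothetical.
PLUGIN = "/wp-content/plugins/youtube-embed-plus-pro"
PAGE_BEFORE = f"""
<link rel="stylesheet" href="{PLUGIN}/styles/example.css?ver=1">
<link rel="stylesheet" href="/wp-content/themes/example-theme/style.css">
<img src="{PLUGIN}/images/playhover.png" alt="play">
<script src="{PLUGIN}/scripts/example.js"></script>
"""
# The same page with the icon served from the media library instead.
PAGE_AFTER = PAGE_BEFORE.replace(f"{PLUGIN}/images/playhover.png",
                                 "/wp-content/uploads/2021/01/playhover.png")
```

Comparing `audit(PAGE_BEFORE)` with `audit(PAGE_AFTER)` shows the image entry disappearing while the slug is still reported through the stylesheet and script tags.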