upload security

  • Resolved wpdev123456

    (@wpdev123456)


    7 years, 3 months ago

    Hello,

    I have a upload php program resided in the theme folder. However, I do not have the permission to access this upload php file because I have disable PHP in themes for security reasons.

    What is the best way to resolve this? Should I enable PHP in themes? Most of the security plugins disable PHP in themes.

    Thanks.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Moderator James Huff

    (@macmanx)

    7 years, 3 months ago

    I guess my first question would be _why_ does that theme have an upload file?

    Thread Starter wpdev123456

    (@wpdev123456)

    7 years, 3 months ago

    Well we let some users to upload attachments such as word document, pdf etc. when a work order is created. The upload program we created deployed in the theme folder. We disabled execution in the upload folder, where uploaded files resided. If there is a need to upload document in WordPress, should we disable PHP in themes? Is this a security risks?

    What is the best practice in deploy such program in the theme folder? I am sure others might have resolved this already. Thanks.

    Moderator James Huff

    (@macmanx)

    7 years, 3 months ago

    In general, security things disable upload execution in the themes folder because things generally don’t upload into the themes folder.

    If you know why the upload file is there and what it’s doing, there’s no reason to block it.

    Thread Starter wpdev123456

    (@wpdev123456)

    7 years, 3 months ago

    Thanks James.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘upload security’ is closed to new replies.