• Hi Gregory,

    I have a question before giving WP Cerber a try, about your choice not to use the database prefix ($wpdb->prefix) for your plugin databases. IMHO it could be considered a security issue even if the databases don’t store crucial data. What are your arguments for this behaviour? Is there any way that it changes in a next version?

    Plus, it would be more relevant to use the function dbDelta to create the databases, as the doc recommends (https://codex.ww.wp.xz.cn/Creating_Tables_with_Plugins), instead of the simple $wpdb->query.

    Hope this issue contributes to your plugin,
    Xavier.

Viewing 1 replies (of 1 total)
  • Plugin Author gioni

    (@gioni)

    Hi!

    It’s a long story that started several years ago. I needed to protect a multisite WordPress with a lot of websites. When I have no prefix, it’s easy to get it for all the websites, and that also lets me manage them as a whole. Yes, I’m going to add prefixes in one of the next releases.

    It’s not an actual security issue. If an intruder has the ability to insert rows into a table, they don’t need to attack the plugin’s table at all. What’s the reason? They can easily insert malicious code directly into a content-related table.


The topic ‘Why the plugin doesn’t prefix its tables?’ is closed to new replies.
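
Added example, not part of the thread and not WP Cerber's code: one way a plugin can create a prefixed table with dbDelta while still keeping a single table for every site of a multisite network, by using `$wpdb->base_prefix` instead of `$wpdb->prefix`. The plugin name, table suffix, column layout, option name and `demo_log_*` function names are hypothetical.

```php
<?php
/**
 * Plugin Name: Prefixed Log Table Demo (hypothetical example plugin)
 */

// Hypothetical table suffix and schema version, chosen for this example only.
const DEMO_LOG_TABLE      = 'demo_access_log';
const DEMO_LOG_DB_VERSION = '1';

/**
 * Full table name. $wpdb->base_prefix is the network-wide prefix, so on
 * multisite every site shares one prefixed table; $wpdb->prefix would
 * instead give one table per site (for example wp_2_demo_access_log).
 */
function demo_log_table_name() {
    global $wpdb;
    return $wpdb->base_prefix . DEMO_LOG_TABLE;
}

function demo_log_install() {
    global $wpdb;
    $table   = demo_log_table_name();
    $collate = $wpdb->get_charset_collate();

    // dbDelta is strict about layout: one column per line, two spaces
    // after PRIMARY KEY, and KEY rather than INDEX.
    $sql = "CREATE TABLE $table (
        id bigint(20) unsigned NOT NULL AUTO_INCREMENT,
        blog_id bigint(20) unsigned NOT NULL DEFAULT 0,
        ip varchar(45) NOT NULL DEFAULT '',
        stamp datetime NOT NULL,
        PRIMARY KEY  (id),
        KEY blog_ip (blog_id,ip)
    ) $collate;";

    // dbDelta lives in an admin include that is not loaded by default.
    require_once ABSPATH . 'wp-admin/includes/upgrade.php';
    dbDelta( $sql ); // creates the table, or alters it to match on upgrade

    update_site_option( 'demo_log_db_version', DEMO_LOG_DB_VERSION );
}
register_activation_hook( __FILE__, 'demo_log_install' );

function demo_log_insert( $ip ) {
    global $wpdb;
    // insert() with explicit formats escapes the values for us.
    $row = array( 'blog_id' => get_current_blog_id(), 'ip' => $ip, 'stamp' => current_time( 'mysql', true ) );
    return $wpdb->insert( demo_log_table_name(), $row, array( '%d', '%s', '%s' ) );
}
```

On a single-site install `$wpdb->base_prefix` and `$wpdb->prefix` are the same value, so the same code covers both cases.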