post-page

WordPress Plugin Releases for 5/21

1
response
by
 
on
May 21st, 2012
in
WordPress Plugins

New plugins

Config Constants allows you to modify WP_DEBUG and other wp-config.php constants directly in the WordPress admin rather than manually editing them.

Password Protected is a very simple way to quickly password protect your WordPress site with a single password.

Updated plugins

Redirection allows you to manage 301 redirections and keep track of 404 errors without requiring knowledge of Apache .htaccess files.

StatComm provides realtime statistics on your blog, collecting information about visitors, spiders, search keywords, feeds, browsers, OS and more.

heading
heading
One
Response

 

Comments

  1. David V (1 comments.) says:

    Hey, thanks for the updates.
    I want to say I think the “Config Constants” plugin is a really bad idea from a security standpoint, much like the “phpmyadmin” plugin is.

    That is way too much power/control with a high likely-hood of being abused. It’s also completely unnecessary since changes to the wp-config almost never happen after a secure install, and if changes do need to be made they are easily and swiftly done via SFTP or SSH. (I purposely left out FTP since it’s completely insecure).
    I will say I have not reviewed the coding of the “Config Constants” plugin, so maybe it is written securely, but still, wow! It’s a clever idea sure…. but a Pandora’s box. Any moderately secure WP site would never keep the wp-config file in the root anyway, since it can and should be moved out of reach. The wp-config is after all the heart-n-soul of the WP site.
    I’m pretty adamant about this (security), because I have new clients who come to me all the time who have been hacked. It is a common thing, and the size or social standing of your website is irrelevant, it happens to the best of sites.
    In 80% of all the cases (I have worked with), the infiltration’s occurred for two reasons only. One, poor/insecure installation, and two, a free-for-all with the plugins on the site, the owners not realizing that just because a plugin works, saves you time, or appears cool, does not mean the coding it up-to-par, sanitized properly, or secure.



Obviously Powered by WordPress. © 2003-2013

page counter
css.php