WordPress Plugin Releases for 5/21

1 response, on May 21st, 2012, in WordPress Plugins
Comments

  1. David V (1 comments.) says:

    Hey, thanks for the updates.
    I want to say I think the “Config Constants” plugin is a really bad idea from a security standpoint, much like the “phpmyadmin” plugin is.

    That is way too much power/control with a high likelihood of being abused. It’s also completely unnecessary since changes to the wp-config almost never happen after a secure install, and if changes do need to be made they are easily and swiftly done via SFTP or SSH. (I purposely left out FTP since it’s completely insecure).
    I will say I have not reviewed the coding of the “Config Constants” plugin, so maybe it is written securely, but still, wow! It’s a clever idea sure…. but a Pandora’s box. Any moderately secure WP site would never keep the wp-config file in the root anyway, since it can and should be moved out of reach. The wp-config is after all the heart-n-soul of the WP site.
    I’m pretty adamant about this (security), because I have new clients who come to me all the time who have been hacked. It is a common thing, and the size or social standing of your website is irrelevant, it happens to the best of sites.
    In 80% of all the cases (I have worked with), the infiltrations occurred for two reasons only. One, poor/insecure installation, and two, a free-for-all with the plugins on the site, the owners not realizing that just because a plugin works, saves you time, or appears cool, does not mean the coding is up to par, sanitized properly, or secure.


