[wp-hackers] Proposal: standardize plugin-data path

Jeremy Clarke jer-wphackers at simianuprising.com
Fri Sep 26 18:54:55 GMT 2008


+1 for using the uploads dir for storing plugin files. After we were
hacked we had to lock down the permissions on everything but that
directory, which is what basically everyone should be doing anyway.
Seeing as it's the only directory that MUST be writable by the server
it will be the place least likely to require loosening permissions to
use.

That said, we also had to turn off all .php execution from inside that
directory because the damn hackers kept uploading image files full of
PHP code and using them as a backdoor, so it's worth keeping in mind
that such directories might have limited power because they are so
open.

-- 
Jeremy Clarke | http://simianuprising.com
Code and Design | http://globalvoicesonline.org
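
An audit for the situation described in the message above, as an added example that is not part of the original post: it walks an uploads directory and reports files that carry a PHP extension anywhere in their name, or that have an image extension but contain a PHP open tag. The extension lists, file names and sample contents are assumptions constructed for this example.

```python
import os
import tempfile

IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif"}   # assumed list of expected image types
PHP_EXTS = {".php", ".phtml", ".php5", ".phar"}  # assumed; depends on the server's handler mapping
PHP_TAG = b"<?php"                               # short tags (<?, <?=) are not checked here


def audit_uploads(root):
    """Return sorted (relative_path, reason) findings for files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            # Every dot-separated suffix counts, so "x.php.png" is seen as both.
            exts = {"." + part for part in name.lower().split(".")[1:]}
            if exts & PHP_EXTS:
                findings.append((rel, "php-extension"))
            elif exts & IMAGE_EXTS:
                with open(path, "rb") as fh:
                    if PHP_TAG in fh.read().lower():
                        findings.append((rel, "php-tag-in-image"))
    return sorted(findings)


def build_sample(root):
    """Write a constructed uploads tree with inert files for the demo."""
    sample = {
        os.path.join("2008", "09", "photo.jpg"): b"\xff\xd8\xff\xe0" + b"\x00" * 32,
        os.path.join("2008", "09", "avatar.gif"): b"GIF89a<?php /* inert marker */ ?>",
        os.path.join("2008", "09", "banner.php.png"): b"\x89PNG\r\n\x1a\n",
        "notes.txt": b"plain text, ignored",
    }
    for rel, data in sample.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, reason in audit_uploads(tmp):
            print(f"{reason:18} {rel}")
```

A finding is a prompt for manual review, not proof of compromise; the scan complements disabling PHP execution in the directory and does not replace it.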

