[wp-trac] [WordPress Trac] #11306: Option to disable theme/plugin editor
WordPress Trac
wp-trac at lists.automattic.com
Sun Feb 14 16:01:14 UTC 2010
#11306: Option to disable theme/plugin editor
-----------------------------+----------------------------------------------
Reporter: kchrist | Owner:
Type: feature request | Status: new
Priority: normal | Milestone: 3.0
Component: General | Version: 2.9
Severity: normal | Keywords: has-patch
-----------------------------+----------------------------------------------
Comment(by kchrist):
Replying to [comment:31 janeforshort]:
> If someone is that much at risk of having passwords stolen and site
overtaken, then they probably shouldn't be an admin.
I respectfully disagree. By this logic, anyone running WP without SSL
shouldn't be doing so. Anyone not using SSL is taking this risk. And even
more so if they ever use public wifi. You and I know better, but how many
WP users do you think do this every day?
Anyway, let's not lose sight of the fact that we're talking about an
''option''. No one is suggesting that the code editor be removed entirely
or even disabled by default. But it would be a nice security enhancement
for those that want it.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11306#comment:32>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list