[wp-hackers] Moved from BlogWare to WordPress - Need Help
Chris Pirillo
chris at lockergnome.com
Sat May 20 09:39:18 GMT 2006
> DISABLE THAT PLUGIN!
>
> It bypasses many vital WordPress security checks, so makes your blog
> vulnerable to types of vandalism from which the WordPress developers
> have spent MONTHS of effort protecting you.
I sent the URL for your comment to Sean (the plugin's creator). Not to start
a war, but... here's what he says:
"Anything is possible, although that isn't much to go on. It would be more
helpful if the person saying to disable the plugin explained why it's a
security risk. On the backend of the plugin, the /wp-config, and the
/wp-admin/admin.php scripts are included in the main script. If the person
trying to edit a post isn't an admin, and isn't logged in, then the backend
scripts will not work. There is no way around it."
Chris