[wp-hackers] Disabling Tools->Export

Mike Little wordpress at zed1.com
Wed Jun 27 13:19:22 UTC 2012

Also Harry, if someone has the ability to load and activate plugins, they
have the ability to extract the DB credentials from wp-config.php and write
their own DB dump code. So no flag in the core of WordPress would prevent

Put your code to disable the functionality (and hide the menu if it helps)
in a must use plugin (wp-content/mu-plugins), and make it non-writable by
any users of the system (apache or any ftp users) -- I usually make the
file owned by root and read only.

And don't allow any no-trusted users the ability to install plugins, by any

Mike Little

More information about the wp-hackers mailing list