The MU forums have moved to WordPress.org

FTP to plugin dir security risk? (4 posts)

  1. skcsknathan001
    Member
    Posted 12 years ago #

    Hi

    I'm wondering the following scenario:

    If I give somebody an FTP access to /plugin dir, is that a security risk? Can that person run a php script that can possibly download some "secret" files within /wp-admin/ folder? Or in any other folder other than /plugins for that matter?

    Would that be same if I give FTP access to /themes dir?

  2. andrea_r
    Moderator
    Posted 12 years ago #

    Yes. They can upload a file that runs php and connects to the database and drops all the tables.

    So.... bad idea.

  3. skcsknathan001
    Member
    Posted 12 years ago #

    hahaha.. it looks very dumb question for a guy who worked on WPMU for a very long time. I guess I needed that hammer on my head ;)

    Thanks Andrea.

  4. andrea_r
    Moderator
    Posted 12 years ago #

    That being said, I have given a *trusted* user specific access to their uploads folder. She needed to upload very large files, and it was easier all around that way, and more efficient.

    :D

About this Topic

  • Started 12 years ago by skcsknathan001
  • Latest reply from andrea_r