[wp-hackers] Security in wordpress

Guy wphax at nullamatix.com
Fri May 7 14:33:19 UTC 2010


On Fri, May 7, 2010 at 10:27 AM, Ash Goodman <ash at thinkinginvain.com> wrote:
> .....
>
> I would like to set my server up so that the FTP credentials are not
> required for wordpress and plugin updates as shown here:
> http://robspencer.net/auto-update-wordpress-without-ftp/
>
> This also seems to eliminate the problem of needing to 777 the uploads
> folder in order to upload images.
>
> Is this safe to do or is it only going to cause other security problems
> and/or cause problems with wordpress?
>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

No - "FTP" is inherently insecure. Consider implementing ftps or sftp
as an alternative.

Regards,

Guy
KeyID: 0x353DA923
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkvkJN4ACgkQctdntTU9qSPEcQCfUH0pCSqBnDn7p8vGM7cSiCTL
vcEAnRr3s6LS8ehjPZuOHFhkU3HJug/f
=rReE
-----END PGP SIGNATURE-----


More information about the wp-hackers mailing list