[wp-hackers] Disabling Tools->Export

Mike Little wordpress at zed1.com
Wed Jun 27 13:19:22 UTC 2012


Also Harry, if someone has the ability to load and activate plugins, they
have the ability to extract the DB credentials from wp-config.php and write
their own DB dump code. So no flag in the core of WordPress would prevent
that.

Put your code to disable the functionality (and hide the menu if it helps)
in a must-use plugin (wp-content/mu-plugins), and make it non-writable by
any users of the system (apache or any ftp users) -- I usually make the
file owned by root and read only.

And don't allow any non-trusted users the ability to install plugins, by any
means.


Mike
-- 
Mike Little
http://zed1.com/
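
The must-use plugin described in the message above, as an added example that is not part of the original post or of WordPress itself. The file name and the `muexp_` function names are hypothetical; the hooks and functions called are WordPress core APIs.

```php
<?php
/**
 * Added example: must-use plugin that disables Tools -> Export.
 * Assumed location: wp-content/mu-plugins/disable-export.php (hypothetical name).
 * Per the advice above, keep the file owned by root and read-only (mode 0444),
 * so neither the web server user nor FTP users can edit or remove it.
 */

// Refuse to run when requested directly, outside WordPress.
if ( ! defined( 'ABSPATH' ) ) {
	exit;
}

// Hide the menu entry. Cosmetic only: the screen is still reachable by URL,
// which is why the two blocking hooks below are needed.
function muexp_hide_menu() {
	remove_submenu_page( 'tools.php', 'export.php' );
}
add_action( 'admin_menu', 'muexp_hide_menu', 999 );

// Shared refusal: stop the request with an HTTP 403.
function muexp_deny() {
	wp_die(
		'Export is disabled on this site.',
		'Export disabled',
		array( 'response' => 403 )
	);
}

// Block direct requests to wp-admin/export.php before the screen renders
// or a download is started.
add_action( 'load-export.php', 'muexp_deny' );

// Backstop: export_wp() fires the 'export_wp' action before sending any
// output, so code paths that call it without the admin screen stop as well.
add_action( 'export_wp', 'muexp_deny', 0 );
```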

