[wp-trac] [WordPress Trac] #14736: Ability to disable theme and plugin editor

WordPress Trac wp-trac at lists.automattic.com
Mon Aug 30 14:53:19 UTC 2010


#14736: Ability to disable theme and plugin editor
--------------------------+-------------------------------------------------
 Reporter:  intoxination  |       Owner:                 
     Type:  enhancement   |      Status:  new            
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Security      |     Version:  3.0.1          
 Severity:  normal        |    Keywords:                 
--------------------------+-------------------------------------------------
 A good security measure would be to add the ability to disable the plugin
 and theme editor in wp-config. Something like:

 define("DISABLE_FILE_EDITORS",1);

 That way if a site is compromised via a brute force, there is the added
 security of the attacker not being able to run arbitrary PHP code through
 one of these files, like an exec() call.

 Of course this isn't a replacement for good server security practices,
 such as ensuring proper permissions and users, but it will add the ability
 to give another layer of security for those who wish for it and should be
 very simple to work in.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/14736>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
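
A defender-side check for the setting proposed in this ticket, added here as an example (not part of the original message and not WordPress code): it reports whether a wp-config.php really defines the constant with a truthy value, ignoring commented-out lines. The function name, status strings and sample configs are constructed for illustration; `DISABLE_FILE_EDITORS` is the name proposed in the ticket.

```python
import re

# Keeps quoted strings (group 1) and drops /* */, // and # comments, so a
# URL such as 'http://example.test' inside a string is not cut as a comment.
TOKEN_RE = re.compile(
    r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")|/\*.*?\*/|(?://|#)[^\n]*""", re.S)

# define('NAME', value); with either quote style; the raw value is captured.
DEFINE_RE = re.compile(
    r"""define\s*\(\s*(['"])(?P<name>\w+)\1\s*,\s*(?P<value>[^)]*?)\s*\)\s*;""",
    re.I)

# Literals PHP evaluates as false when the constant is tested.
PHP_FALSY = {"0", "0.0", "false", "null", "''", '""', "'0'", '"0"'}


def strip_php_comments(src):
    """Return PHP source with comments removed and string literals intact."""
    return TOKEN_RE.sub(lambda m: m.group(1) or "", src)


def editor_lockdown_status(config_text, constant="DISABLE_FILE_EDITORS"):
    """Return 'set', 'set-but-falsy' or 'missing' for the given constant."""
    for m in DEFINE_RE.finditer(strip_php_comments(config_text)):
        if m.group("name") == constant:
            # PHP keeps the first define() of a name, so stop at the first hit.
            falsy = m.group("value").lower() in PHP_FALSY
            return "set-but-falsy" if falsy else "set"
    return "missing"


# Constructed sample configs (not taken from any real site).
SAMPLE_HARDENED = """<?php
define('WP_HOME', 'http://example.test');  // string contains //
define("DISABLE_FILE_EDITORS",1);
"""
SAMPLE_COMMENTED = """<?php
// define("DISABLE_FILE_EDITORS",1);
/* define('DISABLE_FILE_EDITORS', true); */
"""
SAMPLE_OFF = """<?php
define( 'DISABLE_FILE_EDITORS', false );
"""

if __name__ == "__main__":
    for label, cfg in [("hardened", SAMPLE_HARDENED),
                       ("commented", SAMPLE_COMMENTED), ("off", SAMPLE_OFF)]:
        print(label, "->", editor_lockdown_status(cfg))
```

WordPress core's own constant for this purpose is `DISALLOW_FILE_EDIT`; pass it as `constant` when auditing a real install.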

