[wp-trac] [WordPress Trac] #31779: Warn users before using a built-in file editor for the first time
WordPress Trac
noreply at wordpress.org
Tue Apr 7 20:33:12 UTC 2015
#31779: Warn users before using a built-in file editor for the first time
-------------------------+---------------------------------
Reporter: helen | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Editor | Version:
Severity: normal | Resolution:
Keywords: | Focuses: ui, administration
-------------------------+---------------------------------
Comment (by magicroundabout):
Hi guys,
I don't know if this is appropriate here, but I came to trac to see if
there was a discussion about the idea of making the plugin and theme
editors off by default and I couldn't find one, but I did find this.
My opinion is that these shouldn't be removed entirely, but they should be
disabled - in the config - by default. My reasoning for this is security.
I've probably worked on about 100 WordPress sites in the last four years
and had maybe 5 or 6 sites hacked. Every time analysis of the logs has
shown that after an initial entry (either by brute force or by some
unknown method) the hacker bots proceeded to inject code using the theme
editors.
I now add
{{{
define('DISALLOW_FILE_EDIT', true);
}}}
to wp-config.php as a matter of course. It's like a nervous tic: install
WordPress, disable editors.
YES, I am totally aware that this is not a security risk if other security
is present and correct: brute force protection, strong passwords, etc. But
I should add that most of these sites that I'm rescuing are not sites that
I developed - they are places where I'm bailing out another developer or
an unknowing user.
Is there a good reason why this feature, which seems to me to be a huge
security issue in WordPress, is not off by default? I would suggest that
this config option should be ALLOW_FILE_EDIT and it should be false by
default. I would be quite happy for this to be an option during the
WordPress install (though I doubt that would be a good idea as the user
probably wouldn't understand the option in many cases). It would need to
be backwards-compatible somehow to prevent an update breaking users'
installs.
I'm happy to spin off another ticket to discuss. But this seemed an
appropriate place to raise it. I hope you don't mind.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/31779#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
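An added example (not part of this ticket or of WordPress core) in the spirit of the log analysis the comment describes: it flags successful POSTs to the built-in editor screens in a constructed combined-format access log, counting the same client's earlier POSTs to wp-login.php, and separately checks whether a wp-config.php sets DISALLOW_FILE_EDIT. The editor paths wp-admin/theme-editor.php and wp-admin/plugin-editor.php and the log format are assumptions for this example.

```python
import re
from collections import Counter

# Apache/nginx "combined" access-log format; assumed here, adjust for other formats.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Admin screens behind the built-in theme and plugin editors (assumed paths).
EDITOR_PATHS = ("/wp-admin/theme-editor.php", "/wp-admin/plugin-editor.php")

def find_editor_writes(lines):
    """Flag successful POSTs to the file editors and count the same client's
    earlier POSTs to wp-login.php (the login-then-edit sequence in the comment)."""
    login_posts = Counter()
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line
        rec = m.groupdict()
        if rec["method"] != "POST" or rec["status"][0] not in "23":
            continue  # only successful writes matter here
        path = rec["path"].split("?", 1)[0]
        if path == "/wp-login.php":
            login_posts[rec["ip"]] += 1
        elif path in EDITOR_PATHS:
            hits.append({"ip": rec["ip"], "time": rec["ts"], "path": path,
                         "prior_login_posts": login_posts[rec["ip"]]})
    return hits

def wp_config_disables_editor(config_text):
    """True if wp-config.php contains define('DISALLOW_FILE_EDIT', true)."""
    pat = r"define\(\s*['\"]DISALLOW_FILE_EDIT['\"]\s*,\s*true\s*\)"
    return re.search(pat, config_text) is not None

# Constructed sample log: repeated login POSTs, then a theme-editor save.
SAMPLE_LOG = """\
203.0.113.7 - - [07/Apr/2015:20:10:01 +0000] "POST /wp-login.php HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
203.0.113.7 - - [07/Apr/2015:20:10:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
203.0.113.7 - - [07/Apr/2015:20:12:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [07/Apr/2015:20:12:45 +0000] "GET /wp-admin/theme-editor.php?file=functions.php HTTP/1.1" 200 54321 "-" "Mozilla/5.0"
203.0.113.7 - - [07/Apr/2015:20:12:58 +0000] "POST /wp-admin/theme-editor.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.5 - - [07/Apr/2015:20:15:00 +0000] "GET /2015/04/hello-world/ HTTP/1.1" 200 8000 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for h in find_editor_writes(SAMPLE_LOG.splitlines()):
        print(f"{h['time']} {h['ip']} wrote via {h['path']} after {h['prior_login_posts']} login POST(s)")
```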