¿Deactivated plugin insecure? | WordPress.org

mastereklipse
(@mastereklipse)

12 years, 6 months ago

I had an unusual request from the personal who is hosting my site.

I found one plugin that caused a successful hack attack few days ago.
After I solved the problem I disabled it.

The technical supports is saying that is not enough.
In his personal words:

“Unfortunately disabling the plugin won’t be enough as the files are still there and can easily be accessed by anyone just by browsing your plugins folder.
At this point I would recommend replacing the plugin with another one, preferably one that is updated often so that these issues do not reoccur.”

Is this true? Is there a way that a disabled plugin represent a threat?
Thanks you

Viewing 1 replies (of 1 total)

Samuel B
(@samboll)

12 years, 6 months ago

Is this true? Is there a way that a disabled plugin represent a threat?

definitely – if a file is on the server it’s still open to hacking

Viewing 1 replies (of 1 total)

The topic ‘¿Deactivated plugin insecure?’ is closed to new replies.

Tags

disabled

In: Plugins
1 reply
2 participants
Last reply from: Samuel B
Last activity: 12 years, 6 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics