Support » Plugin: Invoice King Pro » Security Questions

  • Hi
    I have a client, a firm of Solicitors and they are concerned about security.
    Where are the PDF invoices stored? Are they accessible to anyone or only the specified user? If they are stored on the site, how soon can they be removed after they are created?

    Apologies for the next slightly newbie question, but how secure is the WordPress user database? My recommendation will be to create secure passwords and assign them to clients, though this creates an extra level of possible security compromise and management by the firm's accounts department that I suspect will not necessarily be kept up.

    Thanks in advance

    https://wordpress.org/plugins/invoice-king-pro/

Viewing 1 replies (of 1 total)
  • Plugin Author Ash Durham

    (@ashdurham)

    Hi Steviebabes,

    In answer to your questions:

    • Where are the PDFs stored?
      They are stored in a folder in the Invoice King Pro plugin folder.
    • Are they accessible to anyone?
      Yes, if someone knows the path on the server and the filenames, then you can view them via the URL in a browser.
    • How soon can they be removed from the server after being created?
      Technically, as soon as the PDF is viewed or emailed, since the plugin generates the PDFs at the time of request; however, currently they aren’t being removed at all.
    • How secure is the WordPress user database?
      This isn’t a question regarding the plugin. Loosely answering this, the passwords are encrypted prior to being stored.

    Just putting it out there now, this plugin was not intended to be used for high security, top secret information scenarios. It is just a way to allow freelancers to generate invoices quickly and easily. With that said, there’s nothing stopping this from being built upon to give you additional functionality. Personally, however, if the information is really that important to keep secure, then using a free WordPress plugin (and the WordPress framework itself) shouldn’t be the path you take; I would be custom building something like that.

    With that aside, things like deleting the PDF from the server after it’s either viewed or emailed is a great idea, as it would also benefit saving space on the server, so I will definitely add that to the list of future features.

    After that, where they are stored then becomes irrelevant. The accessibility then also becomes irrelevant as there won’t be anything to access HOWEVER…

    You’re concerned about security of the users database. At the end of the day, if someone wants your data, they will hack the server itself, not the “site”, so I would suggest your main efforts should be used on the security further down the line. Whether the PDF is there or not, the data that would create that PDF is still in the database.

    As the security side of this isn’t really part of what the plugin is built to do, I can only make suggestions, but that’s as far as this can go.

    Hope that helps
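
The reply above says generated PDFs are reachable by URL and are currently never removed, so a site administrator who wants to shorten that exposure window can run a scheduled cleanup. This is an added example, not part of the thread or the plugin's code; the function name, the one-hour default and the directory argument are assumptions, since the thread does not name the folder.

```python
import os
import stat
import sys
import time


def purge_stale_pdfs(pdf_dir, max_age_seconds, now=None, dry_run=False):
    """Delete regular *.pdf files directly inside pdf_dir that are older
    than max_age_seconds. Returns the sorted names removed (or, with
    dry_run=True, the names that would be removed)."""
    now = time.time() if now is None else now
    removed = []
    with os.scandir(pdf_dir) as entries:
        for entry in entries:
            if not entry.name.lower().endswith(".pdf"):
                continue
            # lstat semantics: a symlink planted in a web-reachable folder
            # must never cause a file elsewhere on the server to be deleted.
            st = entry.stat(follow_symlinks=False)
            if not stat.S_ISREG(st.st_mode):
                continue  # skips symlinks, directories, devices
            if now - st.st_mtime < max_age_seconds:
                continue  # recent enough that it may still be viewed or emailed
            if not dry_run:
                os.unlink(entry.path)
            removed.append(entry.name)
    return sorted(removed)


if __name__ == "__main__":
    # Usage (e.g. from cron): purge_pdfs.py <pdf-folder> [max-age-seconds]
    # <pdf-folder> is whichever folder the plugin writes invoices to;
    # check the installation, the thread does not give the path.
    if len(sys.argv) < 2:
        sys.exit("usage: purge_pdfs.py <pdf-folder> [max-age-seconds]")
    age = int(sys.argv[2]) if len(sys.argv) > 2 else 3600  # assumed default
    for name in purge_stale_pdfs(sys.argv[1], age):
        print("removed", name)
```

As the reply notes, the invoice data remains in the database, so this only narrows how long a rendered PDF can be fetched by URL.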
