
Can WP-Polls Plugin be exploited? (5 posts)

  1. Mammut Medien
    Member
    Posted 1 year ago #

    Hi there,

    I want to include and use WP-Polls on a new poll website. I did research on all the different poll plugins out there and I came to the conclusion to use Lester Chan's wp-polls plugin until today, when I read an article about the possibility to exploit the plugin.

    Read more about it here: WARNING: WP-Polls WordPress Poll Plugin Can Be Exploited

    Since Lester is no longer available or supporting his plugins, I thought I'd ask you guys.

    What do you think? Is the plugin still good enough to use it for real polls? The new website basically is a poll site with different polls about different topics, so I need a plugin that I can rely on, that is quick to load and set up. When I use another 3rd party service the data needs to be loaded and so the loading time of the site increases.

    What do you think? And do you have any suggestions what plugin to use?

    Thanks in advance to all of you willing to help.
    Best regards,
    Daniel from Mammut Medien

    http://wordpress.org/extend/plugins/wp-polls/

  2. Lester Chan
    Member
    Posted 1 year ago #

    There are pros and cons of fixing that. The pro obviously is that the exploit will be fixed, but the con is that users who are behind a transparent proxy will not be able to vote once someone who is using the same transparent proxy has voted. Many ISPs use transparent proxies.

    If you want it to be secure, make users register on your site and set WP-Polls to logged via Username.

  3. archon810
    Member
    Posted 1 year ago #

    Perhaps at least provide an option for the users to select? I see why you've done this, Lester, but this opens up an opportunity to easily spoof any number of votes and abandons any credibility.

    How do the big poll sites handle it? I think I'd prefer seeing some users unable to vote than have users voting 1000x times.

  4. Lester Chan
    Member
    Posted 1 year ago #

    If you ask me, I'd rather not let the user select and remove X_FORWARDED_FOR totally. Too bad for the users behind a transparent proxy. I think I will just do that once I get my computer SVN up and running.

  5. archon810
    Member
    Posted 1 year ago #

    Excellent choice :-]
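
The trade-off discussed in this thread, as an added example that is not WP-Polls code and was not posted by any participant: a one-vote-per-address check run with and without trusting X_FORWARDED_FOR. The function names and the sample requests are constructed for illustration.

```php
<?php
// Added example, not WP-Polls code. Names and sample data are constructed.

// Resolver that prefers the client-supplied header (the behaviour under debate).
function ip_trusting_header(array $server): string {
    if (!empty($server['HTTP_X_FORWARDED_FOR'])) {
        // The header may hold "client, proxy1, proxy2"; take the first entry.
        return trim(explode(',', $server['HTTP_X_FORWARDED_FOR'])[0]);
    }
    return $server['REMOTE_ADDR'];
}

// Resolver that uses only the TCP peer address, which a request cannot set.
function ip_remote_addr_only(array $server): string {
    return $server['REMOTE_ADDR'];
}

// Count the votes accepted when each resolved address may vote once.
function count_accepted_votes(array $requests, callable $resolver): int {
    $seen = [];
    $accepted = 0;
    foreach ($requests as $server) {
        $ip = $resolver($server);
        if (isset($seen[$ip])) {
            continue; // this address has already voted
        }
        $seen[$ip] = true;
        $accepted++;
    }
    return $accepted;
}

// Constructed requests using documentation address ranges.
// Case A: one connection address, a different header value on each request.
$one_client = [
    ['REMOTE_ADDR' => '203.0.113.10', 'HTTP_X_FORWARDED_FOR' => '198.51.100.1'],
    ['REMOTE_ADDR' => '203.0.113.10', 'HTTP_X_FORWARDED_FOR' => '198.51.100.2'],
    ['REMOTE_ADDR' => '203.0.113.10', 'HTTP_X_FORWARDED_FOR' => '198.51.100.3'],
];
// Case B: two different users behind the same transparent ISP proxy.
$shared_proxy = [
    ['REMOTE_ADDR' => '192.0.2.50', 'HTTP_X_FORWARDED_FOR' => '10.0.0.5'],
    ['REMOTE_ADDR' => '192.0.2.50', 'HTTP_X_FORWARDED_FOR' => '10.0.0.6'],
];

foreach (['ip_trusting_header', 'ip_remote_addr_only'] as $resolver) {
    printf("%-20s case A: %d  case B: %d\n", $resolver,
        count_accepted_votes($one_client, $resolver),
        count_accepted_votes($shared_proxy, $resolver));
}
```

With the header trusted, case A accepts three votes from a single connection; with REMOTE_ADDR only, case B accepts one vote for two users, which is the cost Lester describes for people behind a shared transparent proxy.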
