Support » Plugin: Comment Images » Question about security

  • Resolved lauritasita

    (@lauritasita)


    Hi,

    I absolutely love your plugin. I have a question about security. Since this plugin is used by visitors that are not logged into the WordPress site, I’m a little concerned about hackers that will try to upload a virus or some kind of malware to the site. Does your plugin contain any screening before the actual upload goes through? I am using WordPress 3.5.

    Thank you,

    Laurita

    http://wordpress.org/extend/plugins/comment-images/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Good question! The plugin does a check to make sure that users are only uploading images. That is, it looks for GIF, JPG, JPEG, and PNG before allowing the file to be saved.

    If the file isn’t of that type, it rejects it.

    That said, I’d be lying if I said some creative hacker couldn’t work around that, but I do what I can to make sure my stuff is as robust as possible. It’s been downloaded quite a bit and I’ve had no complaints yet!

    This work on 3.5 version of wordpress, their was another one plugin by the same name minus the ‘S’ and I [moderated] love it, someone needs to make a new one. I miss the comment images

    Correct me if I am wrong, but it appears that you are just looking at the file extension, but not at other methods?

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Question about security’ is closed to new replies.