• One of the recommended security procedures for protecting WordPress is to password-protect the /wp-admin/ directory.

    However, if you do that, you break the SWFUpload capability because SWFUpload does not pass along the BASIC_AUTH variable (if set) in the requests or communication.

    There is currently a workaround using <Files> with Allow from that exposes async-upload.php, but a cleaner solution would be to have SWFUpload detect when BASIC_AUTH (PHP_AUTH_USER, PHP_AUTH_PW) is set and pass that along through the Flash requests/connections.

    Then /wp-admin/ could be completely protected via htaccess without exposing any files.

  • The topic ‘swfupload & wp security’ is closed to new replies.
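
The `<Files>` workaround mentioned in the post, written out as an added example that is not part of the original post or of WordPress. It is an `.htaccess` for `/wp-admin/` in Apache 2.2 syntax; the realm name, the `AuthUserFile` path and the commented-out address range are placeholders.

```apache
# /wp-admin/.htaccess  (added example, Apache 2.2 access-control syntax)

# Require HTTP Basic credentials for every request under /wp-admin/.
AuthType Basic
# Realm name shown in the browser prompt (placeholder).
AuthName "Restricted"
# Placeholder path; keep the password file outside the web root.
AuthUserFile /path/to/.htpasswd
Require valid-user

# Exception for the Flash uploader endpoint. SWFUpload does not send the
# Basic credentials, so its requests would otherwise be answered with 401.
<Files "async-upload.php">
    Order allow,deny
    # "Satisfy Any" means a request passes if EITHER the host check OR the
    # Basic auth check succeeds. With "Allow from all" the host check always
    # succeeds, so this one file is served without Basic credentials.
    # That is the exposure the post refers to.
    Allow from all
    Satisfy Any

    # Narrower variant: pass the host check only for the network that
    # admins upload from, so everyone else still gets the 401 prompt.
    # 203.0.113.0/24 is a documentation range used as a constructed value.
    # Allow from 203.0.113.0/24
</Files>
```

On Apache 2.4 without `mod_access_compat`, the three directives inside the `<Files>` block are replaced by `Require all granted` (or `Require ip` with the admin range for the narrower variant).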