Title: Dangerous for Multisite
Last modified: August 24, 2016

---

# Dangerous for Multisite

 *  Resolved [TheServerGuy](https://wordpress.org/support/users/icryptic/)
 * (@icryptic)
 * [11 years ago](https://wordpress.org/support/topic/dangerous-for-multisite/)
 * It creates a major security exploit to all users of a Multisite Network and would
   only take 1 account to be compromised to cause hell on the entire masses.
 * With this plugin, a compromiser could steal data from the database (i.e., usernames,
   passwords, emails, everything). A compromiser could inject harmful data deliberately
   (or a naive / ignorant user).
 * This plugin allows the compromiser (or user) to insert executable php.
 * I am suggesting you disable the insertion of php via this plugin using something
   to this extent…
 * ```php
   if ( is_multisite() ) {
       if ( is_super_admin() && current_user_can( 'manage_network_options' ) ) {
           // If multisite, only a network admin can insert PHP.
       }
   } else {
       // If NOT multisite, then admins can insert PHP.
   }
   ```
 * [https://wordpress.org/plugins/header-footer/](https://wordpress.org/plugins/header-footer/)

Viewing 1 replies (of 1 total)

 *  Plugin Author [Stefano Lissa](https://wordpress.org/support/users/satollo/)
 * (@satollo)
 * [11 years ago](https://wordpress.org/support/topic/dangerous-for-multisite/#post-6076712)
 * Yes, that could be a patch, but even letting uncontrolled users add JavaScript
   freely on a site is not a good idea… 🙂
 * Anyway, Header and Footer was not designed for a multisite env., at least not
   for multiuser.
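
The check suggested in the thread can also be enforced from outside the plugin, for example by a network operator's must-use plugin. This is an added example, not code from the thread or from Header and Footer; the option name and the `example_*` function names are hypothetical placeholders, and it assumes it is loaded inside WordPress.

```php
<?php
/**
 * Added example (must-use plugin sketch), not Header and Footer's own code.
 * ASSUMPTION: the code-injection settings live in a single option whose name
 * is the placeholder below; replace it with the real option name.
 */
define( 'EXAMPLE_INJECTION_OPTION', 'example_injection_settings' ); // hypothetical name

/** True when the current user may store code that runs for every visitor. */
function example_user_may_store_code() {
    if ( is_multisite() ) {
        // On a network a site admin is not a trusted party: require a network admin.
        return is_super_admin() && current_user_can( 'manage_network_options' );
    }
    // Single site: administrators only, and honour a locked-down install.
    if ( defined( 'DISALLOW_UNFILTERED_HTML' ) && DISALLOW_UNFILTERED_HTML ) {
        return false;
    }
    return current_user_can( 'manage_options' );
}

/** Refuse the write server-side; hiding the settings page alone is not a control. */
function example_guard_injection_option( $new_value, $old_value ) {
    if ( example_user_may_store_code() ) {
        return $new_value;
    }
    // Leave a trail for whoever reviews the network's logs.
    error_log( sprintf(
        'Blocked injection-settings change: user %d on blog %d',
        get_current_user_id(),
        get_current_blog_id()
    ) );
    return $old_value; // Returning the old value makes update_option() a no-op.
}
add_filter(
    'pre_update_option_' . EXAMPLE_INJECTION_OPTION,
    'example_guard_injection_option',
    10,
    2
);
```

The filter only blocks new writes; values already stored by site admins are untouched and need a separate audit.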

The topic ‘Dangerous for Multisite’ is closed to new replies.
