Is it safe to allow /wp-admin/async-upload.php | WordPress.org

Resolved FlatText
(@flattext)

8 years, 9 months ago

Hi guys,

Love your plugin.

I’ve disallowed uploads (except for admin), but in .htninja I’ve allowed the wp-admin/async-upload.php script.

I’ve done this so one type of user role can upload files. Is this safe to do? I do not want to white-list all logged in users just to allow them to attach images in Posts.

I’d like to know if I’m shooting myself in the foot here.

Viewing 1 replies (of 1 total)

Plugin Author nintechnet
(@nintechnet)

8 years, 9 months ago

Hi,

That’s fine: you are allowing only what you need, and blocking what you don’t need.

Viewing 1 replies (of 1 total)

The topic ‘Is it safe to allow /wp-admin/async-upload.php’ is closed to new replies.

1 reply
2 participants
Last reply from: nintechnet
Last activity: 8 years, 9 months ago
Status: resolved