• Can somebody please let me know if it is safe to use exec-php plugin or not?
    I have some pages in WP 201 that use some code like this:
    <?php feedList(array("rss_feed_url"=>"http://mysite.com/newsxml.asp?id=23&type=333&feed_id=71&no_cache=1",
    "num_items"=>15,
    "show_description"=>false,
    "random"=>false,
    "sort"=>"none","new_window"=>true));
    ?>

    Exec-php plugin has to be activated to have the above page functional.
    I am not that savvy in php or computing stuff.
    Can somebody please help me out if this is safe or not?
    How can I use the plugin safely and also have the above page functional?

Viewing 5 replies - 1 through 5 (of 5 total)
  • Well, it depends, you would either have to use a plug-in like PHPExec (I use it and it’s great on WP 2.0.1) or you could hardcode a special page template for whatever the above is for and then you could forego the plug-in. I believe you can specify which users can make use of the plug-in, so make sure you’re the only one that can.

    I think safety is more a reactive cause, meaning it doesn’t matter how ‘safe’ it is made, if it is used improperly or carelessly it could be not-so-safe. There are warning labels on some toasters about not using them in the bath-tub, they have those because people have taken baths with their toasters, so it is safe, but only to a degree. 🙂

    Cheers,
    Michael.
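
A sketch of the page-template approach suggested in the reply above, as an added example that is not part of the original thread: the `feedList()` call from the question sits in a theme file, so no plugin has to evaluate PHP stored in post content. The file name, the template name and the surrounding markup are assumptions; `feedList()` and its arguments are the ones quoted in the question.

```php
<?php
/*
Template Name: News Feed
*/
// Assumed location: wp-content/themes/<your-theme>/page-news.php (hypothetical name).
// Pick "News Feed" as the page's template when editing the page.
// With Exec-PHP deactivated, nothing typed into a post or page body is
// executed; only someone who can write files on the server can change
// the PHP below.

get_header();
?>
<div id="content">
<?php if (have_posts()) : while (have_posts()) : the_post(); ?>
    <h2><?php the_title(); ?></h2>
    <?php the_content(); // ordinary page text, rendered as HTML only ?>
<?php endwhile; endif; ?>

<?php
// FeedList plugin call from the question, guarded so the page still
// renders if that plugin is deactivated.
if (function_exists('feedList')) {
    feedList(array(
        "rss_feed_url"     => "http://mysite.com/newsxml.asp?id=23&type=333&feed_id=71&no_cache=1",
        "num_items"        => 15,
        "show_description" => false,
        "random"           => false,
        "sort"             => "none",
        "new_window"       => true
    ));
} else {
    echo '<p>The news feed is currently unavailable.</p>';
}
?>
</div>
<?php
get_sidebar();
get_footer();
?>
```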

    Thread Starter drb05

    (@drb05)

    Thanks for the response. Are you referring to the same plugin over here:
    http://www.soeren-weber.net/post/2005/08/18/50/

    I don’t have any clue on how to hardwire php onto only page to have the above code to work. Could you please give me some leads?

    Or can I safely use the exec-php plugin myself? I mean how can I make sure users or any other people are not accessing the plugin and using it? Are there any options to uncheck?

    Thanks,

    drb

    I’m not entirely sure I understand your question, but I can say that I use the Exec-PHP plugin with WordPress 2.01 without a hitch. I also use the FeedList plugin without a problem.

    Thread Starter drb05

    (@drb05)

    Sorry about that. It’s my ignorance in the subject causing the trouble.

    If somebody can execute php code within my blog and hack it, I want to make sure they don’t have access to execute php code.

    Since I am using the plugin, I am assuming any posts or pages will be able to execute php commands and open the doors for hacking. Am I right?

    I want to make sure only I can post and execute php code as administrator. What setting should I do or choose in WP to have that peace of mind?

    Or I see that you are using this plugin:
    http://priyadi.net/archives/2005/03/02/wordpress-php-exec-plugin/

    What user level should I set to have maximum security?

    Or am I still blabbering about hacking etc? Being paranoid?

    Sorry. Any help is much appreciated.

    Thanks

    drb

    Yes, the link for the plug-in you posted is the one and only ExecPHP.

    As far as I know, there are no specific, known security exploits with this plug-in or the current version of WordPress. You can specify which users are allowed to use the plug-in to execute code in a post; if an unauthorized user attempts to, it will most likely just be converted into Unicode and displayed, not executed.

    The most prudent precautions you can take are making sure you have a complex password, that your hosting environment is up-to-date and secure, that you’re using the current stable version of WordPress and its plug-ins, but in the end, if someone is determined enough, I think they will always find a way to exploit something. There are risks with doing anything, whether it be using the internet or having a bath with your toaster (not a good idea!), just be ‘aware’ of things that are out-of-place and be prepared (i.e. have back-ups etc.) in case something does go wrong.

    I hope that helps you out a bit!

    Good luck,
    Michael.

  • The topic ‘is it safe to use exec-php plugin?’ is closed to new replies.