Title: It's a security problem?
Last modified: December 27, 2023

---

# It's a security problem?

 *  Resolved [Paul Vek](https://wordpress.org/support/users/paulvek/)
 * (@paulvek)
 * [2 years, 5 months ago](https://wordpress.org/support/topic/its-a-security-problem/)
 * Hello.
 * Why does Query Monitor make a linked db.php file in root (public_html)?
 *     ```php
       <?php
       /**
        * Plugin Name: Query Monitor Database Class (Drop-in)
        * Description: Database drop-in for Query Monitor, the developer tools panel for WordPress.
        * Version:     3.15.0
        * Plugin URI:  https://querymonitor.com/
        * Author:      John Blackbourn
        * Author URI:  https://querymonitor.com/
        *
        * *********************************************************************
        *
        * Ensure this file is symlinked to your wp-content directory to provide
        * additional database query information in Query Monitor's output.
        *
        * @see https://github.com/johnbillion/query-monitor/wiki/db.php-Symlink
        *
        * *********************************************************************
        *
        * @package query-monitor
        */
   
       if ( ! defined( 'ABSPATH' ) ) {
       	exit;
       }
   
       if ( ! defined( 'DB_USER' ) ) {
       	return;
       }
   
       if ( defined( 'QM_DISABLED' ) && QM_DISABLED ) {
       	return;
       }
   
       if ( defined( 'WP_INSTALLING' ) && WP_INSTALLING ) {
       	return;
       }
   
       if ( 'cli' === php_sapi_name() && ! defined( 'QM_TESTS' ) ) {
       	# For the time being, let's not load QM when using the CLI because we've no persistent storage and no means of
       	# outputting collected data on the CLI. This will hopefully change in a future version of QM.
       	return;
       }
   
       if ( defined( 'DOING_CRON' ) && DOING_CRON ) {
       	# Let's not load QM during cron events for the same reason as above.
       	return;
       }
   
       # Don't load QM during plugin updates to prevent function signature changes causing issues between versions.
       if ( is_admin() ) {
       	if ( isset( $_GET['action'] ) && 'upgrade-plugin' === $_GET['action'] ) {
       		return;
       	}
   
       	if ( isset( $_POST['action'] ) && 'update-plugin' === $_POST['action'] ) {
       		return;
       	}
       }
   
       // This must be required before vendor/autoload.php so QM can serve its own message about PHP compatibility.
       $qm_dir = dirname( dirname( __FILE__ ) );
       $qm_php = "{$qm_dir}/classes/PHP.php";
   
       if ( ! is_readable( $qm_php ) ) {
       	return;
       }
       require_once $qm_php;
   
       if ( ! QM_PHP::version_met() ) {
       	return;
       }
   
       if ( ! file_exists( "{$qm_dir}/vendor/autoload.php" ) ) {
       	add_action( 'all_admin_notices', 'QM_PHP::vendor_nope' );
       	return;
       }
   
       require_once "{$qm_dir}/vendor/autoload.php";
   
       if ( ! class_exists( 'QM_Backtrace' ) ) {
       	return;
       }
   
       if ( ! defined( 'SAVEQUERIES' ) ) {
       	define( 'SAVEQUERIES', true );
       }
   
       // phpcs:ignore WordPress.WP.GlobalVariablesOverride.Prohibited
       $wpdb = new QM_DB( DB_USER, DB_PASSWORD, DB_NAME, DB_HOST );
       ```
   
 * What is this? Is this really needed? Can’t this cause any security problems? 
   Was there no better way to do this?


 *  Plugin Author [John Blackbourn](https://wordpress.org/support/users/johnbillion/)
 * (@johnbillion)
 * WordPress Core Developer
 * [2 years, 5 months ago](https://wordpress.org/support/topic/its-a-security-problem/#post-17303106)
 * This is called a WordPress drop-in plugin. It’s a standard feature of WordPress
   and is used by plugins that provide advanced caching, routing, error handling,
   or, in the case of Query Monitor, a custom database driver. Nothing to worry 
   about.
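
As an added example (not part of the thread and not Query Monitor's own code), this Python script lists the drop-ins present in a `wp-content` directory, resolves each symlink, and reads its `Plugin Name` header, so a `db.php` like the one quoted above can be traced back to the plugin that installed it. The function names and status labels are assumptions of this example; the file names are the drop-ins WordPress core recognises.

```python
import os
import re
from pathlib import Path

# Drop-in file names WordPress core loads from wp-content (including multisite ones).
DROPINS = (
    "advanced-cache.php", "db.php", "db-error.php", "install.php",
    "maintenance.php", "object-cache.php", "php-error.php",
    "fatal-error-handler.php", "sunrise.php", "blog-deleted.php",
    "blog-inactive.php", "blog-suspended.php",
)
HEADER_RE = re.compile(r"^[ \t/*#@]*Plugin Name:[ \t]*(.+?)[ \t]*$", re.M | re.I)

def plugin_name(path):
    """Return the 'Plugin Name' header found in the first 8 KiB, or None."""
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            match = HEADER_RE.search(fh.read(8192))
    except OSError:
        return None
    return match.group(1) if match else None

def audit_dropins(wp_content):
    """Describe every drop-in present in wp_content and where it really lives."""
    wp_content = Path(wp_content)
    plugins = (wp_content / "plugins").resolve()
    report = []
    for name in DROPINS:
        path = wp_content / name
        if not os.path.lexists(path):      # lexists also sees dangling symlinks
            continue
        entry = {"dropin": name, "symlink": path.is_symlink(), "target": None,
                 "plugin_name": None, "status": "regular-file"}
        if entry["symlink"]:
            target = path.resolve()
            entry["target"] = str(target)
            if not target.is_file():
                entry["status"] = "dangling"
            elif plugins in target.parents:
                entry["status"] = "in-plugins"       # e.g. a plugin-shipped db.php
            else:
                entry["status"] = "outside-plugins"  # worth a manual look
        if entry["status"] != "dangling":
            entry["plugin_name"] = plugin_name(path)
        report.append(entry)
    return report

if __name__ == "__main__":
    import sys
    for row in audit_dropins(sys.argv[1] if len(sys.argv) > 1 else "wp-content"):
        print(row)
```

Run it with the path to `wp-content` as the only argument; each drop-in found is printed with its resolved target, header name, and status.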


The topic ‘It's a security problem?’ is closed to new replies.


 * 1 reply
 * 2 participants
 * Last reply from: [John Blackbourn](https://wordpress.org/support/users/johnbillion/)
 * Last activity: [2 years, 5 months ago](https://wordpress.org/support/topic/its-a-security-problem/#post-17303106)
 * Status: resolved