Arigato Autoresponder and Newsletter
[resolved] [Plugin: BFT Autoresponder] Security Alert (2 posts)

  1. Rangga
    Posted 4 years ago #

    Hi guys, lately I have been caring a lot about WP security since my blog has been hacked a lot of times this month.

    I like bft-autoresponder, but websitedefender.com alerted me with this note:

    "One or more include files with .inc extension were found on your website. Because files with .inc extension are not processed by PHP, an attacker can read the contents of these files by requesting them directly. The source code of server-side scripts helps an attacker to better understand the logic behind the Web application and may help him conduct further attacks.
    URL : http://xxxxxxxx.com//xxxxxly/wp-content/plugins/bft-autoresponder/bft_hook.inc

    It is recommended to use another extension (maybe .php, or .php.inc) for these files.
    Another option is to create an .htaccess file that will prevent the server from serving these files.
    To do this, create an .htaccess file with the following content.

    <Files ~ "\.inc$">
    Order allow,deny
    Deny from all
    </Files>

    Is this plugin really safe, or is it just some false alarm?
    What should I do? Is it okay if I put that script in my .htaccess file? If yes, will this plugin still work? Because I love this plugin a lot.

    thanks in advance for the help


  2. prasunsen
    Plugin Author

    Posted 4 years ago #

    The plugin is safe; the .inc file just contains the email sending function. Even if someone downloads it, there is nothing they can do with it.

Topic Closed

This topic has been closed to new replies.
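
An audit along the lines of the alert quoted in the first post, as an added example that is not code from the thread, the plugin or websitedefender.com: it lists `.inc` files under a web root that no `.htaccess` deny rule covers. It assumes Apache with `.htaccess` overrides enabled and approximates Apache's regex matching with Python's `re`; the function names and the sample tree built in `demo()` are constructed for illustration.

```python
import fnmatch, os, re, tempfile

# <Files "glob">, <Files ~ "regex"> or <FilesMatch "regex"> ... closing tag
BLOCK_RE = re.compile(
    r'<(Files(?:Match)?)\s+(~\s*)?"?([^">]+?)"?\s*>(.*?)</\1>', re.I | re.S)
# Apache 2.2 ("Deny from all") and Apache 2.4 ("Require all denied") spellings.
DENY_RE = re.compile(r'^\s*(Deny\s+from\s+all|Require\s+all\s+denied)\s*$',
                     re.I | re.M)

def htaccess_denies(text, filename):
    """True if a closed <Files>/<FilesMatch> block matching filename denies all."""
    for tag, tilde, pattern, body in BLOCK_RE.findall(text):
        if tag.lower() == "filesmatch" or tilde:
            hit = re.search(pattern, filename)   # Python re approximates PCRE
        else:
            hit = fnmatch.fnmatchcase(filename, pattern)
        if hit and DENY_RE.search(body):
            return True
    return False                                 # unclosed blocks never count

def exposed_inc_files(web_root):
    """List .inc files not covered by a deny rule in any .htaccess above them."""
    root, exposed = os.path.abspath(web_root), []
    for dirpath, _dirs, files in os.walk(root):
        for name in (f for f in files if f.lower().endswith(".inc")):
            d, covered = dirpath, False
            while not covered:                   # walk up from the file to root
                ht = os.path.join(d, ".htaccess")
                if os.path.isfile(ht):
                    with open(ht, encoding="utf-8", errors="replace") as fh:
                        covered = htaccess_denies(fh.read(), name)
                if d == root:
                    break
                d = os.path.dirname(d)
            if not covered:
                exposed.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(exposed)

def demo():
    """Constructed sample tree: one plugin .inc file, audited before and after."""
    with tempfile.TemporaryDirectory() as root:
        plugin = os.path.join(root, "wp-content", "plugins", "bft-autoresponder")
        os.makedirs(plugin)
        open(os.path.join(plugin, "bft_hook.inc"), "w").close()
        before = exposed_inc_files(root)
        with open(os.path.join(root, ".htaccess"), "w") as fh:
            fh.write('<Files ~ "\\.inc$">\nOrder allow,deny\nDeny from all\n</Files>\n')
        return before, exposed_inc_files(root)
```

A rule like this only affects HTTP requests: PHP's `include`/`require` read the file from disk, so blocking direct requests for `.inc` files does not stop a plugin from loading them.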
