hi guys.. lately i been care alot about Wp security since my blog were been hacked alot of time this month..
i like bft-autoresponder but websitedefender.com alert me with this note :
“One or more include files with .inc extension were found on your website. Because files with .inc extension are not processed by PHP, an attacker can read the contents of this files by requesting them dirrectly. The source code of server-side scripts helps an attacker to better understand the logic behind the Web application and may help him conduct further attacks.
URL : http://xxxxxxxx.com//xxxxxly/wp-content/plugins/bft-autoresponder/bft_hook.inc
It is recommended to use another extension (maybe .php, or .php.inc) for these files.
Another option is to create an .htaccess files that will prevent the server from serving these files.
To do this create an .htaccess file with the following content.
<Files ~ “\.inc$”>
Deny from all
is this plugin realy save or it just some false alarm.
what should i do?? is it okey if i put those script on my .httacces file?? if yes, will this plugin still work?? because i love this plugin alot..
thanks in advance for the help
- The topic ‘[Plugin: BFT Autoresponder] Security Alert’ is closed to new replies.