Quick Post Widget, vs. TDO Mini Forms, ucan-post, UCan
I was using TDO Mini Forms plugin – (WP folks – WE NEED SOMETHING TO ALLOW USERS TO POST FROM THE FRONT PAGE!)
Not long ago I have leared, it was removed from repository.
I have found some pople use “Quick Post Widget”.
Drop here a link how YOU use, please.
Here is my concern: It is secure enough?
Here is a post on one of the small board:
I got it working using “author” but my theme developper mentioned that it is not recommended as it present a greater security risk. My main concern, however, is preventing people from introducing malware via their posts. I already have the site protected by ZBBlock and was wondering if disabling media upload in your widget was sufficient or should I also disable the plugin editor? I am not technical and I much appreciate your input.
The media upload component can be configured to allow only certain file extensions and a certain size. Look for the file:
If you are in doubt just disable media upload.
Disabling the visual editor won’t change much because it’s merely a tool for easier posting. With the editor disabled you can, just by using the plain post box of the widget, still insert HTML etc.
I would say there’s no risk involved.
I only disabled media upload and the plugin is working fine.
- The topic ‘Quick Post Widget, vs. TDO Mini Forms, ucan-post, UCan’ is closed to new replies.