Title: Security issue/suggestion
Last modified: June 17, 2022

---

# Security issue/suggestion

 *  Resolved [elr3000](https://wordpress.org/support/users/elr3000/)
 * (@elr3000)
 * [4 years ago](https://wordpress.org/support/topic/security-issue-suggestion/)
 * We’ve been using this plugin for years and it’s just excellent, and perfect for
   our needs.
 * We have made a very minor customization: we upload our own playhover.png file,
   one which matches the branding of our site. The original file is the image of
   a YouTube-style play icon that appears when you hover over a video.
 * Every time the plugin is updated, our custom playhover.png file is replaced with
   the default, so we have to reupload it every time the plugin is updated, which
   is fine really, and only a minor inconvenience.
 * However we have notice that if you right-click the image file on the page and
   select “Open image in new tab”, or “Copy image address”, the location of the 
   file is shown as “/wp-content/plugins/youtube-embed-plus-pro/images/playhover.
   png”.
 * This exposes the name of the plugin used to any bad guys who might want to be
   bad, se we consider to be a security issue. Yes we know there are other ways 
   bad guys could get this information, but this makes it really easy for them.
 * So I would like to request the following: provide an option that allows users
   to select a custom image for their play icons from their WP media gallery.
 * This would solve two problems; 1. the exposure of the plugin’s name in the URL,
   and 2. admins would not need to reupload their custom playhover.png file after
   every update.
 * It’s probably true that most admins would not even be bothered about the security
   thing I mentioned, but I think they would appreciate the option of being able
   to easily select a play icon that matches their company/website branding rather
   than youtube’s branding.
 * Thank you for you time and have an awesome weekend.
    -  This topic was modified 4 years ago by [elr3000](https://wordpress.org/support/users/elr3000/).

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Plugin Author [embedplus](https://wordpress.org/support/users/embedplus/)
 * (@embedplus)
 * [3 years, 12 months ago](https://wordpress.org/support/topic/security-issue-suggestion/#post-15810723)
 * To start, thanks for the compliments; but this is not a security issue. These
   unique plugin paths are actually a requirement for WordPress.org plugins. If 
   your goal really was to try and obfuscate such paths (i.e. from anyone that simply
   does a browser “view source”), you can try searching around for that as a separate
   solution given it would have to be something smart enough to somehow obfuscate
   paths for all plugins, themes, and perhaps even WordPress known directories…
 *  Plugin Author [embedplus](https://wordpress.org/support/users/embedplus/)
 * (@embedplus)
 * [3 years, 12 months ago](https://wordpress.org/support/topic/security-issue-suggestion/#post-15810725)
 * Regarding the hover, it sounds like you just want something to match your theme.
   You should be able to do that on your own with some CSS added to your theme that
   would survive plugin upgrades.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Security issue/suggestion’ is closed to new replies.

 * ![](https://ps.w.org/youtube-embed-plus/assets/icon-256x256.png?rev=2165403)
 * [Embed Plus for YouTube Gallery, Livestream and Lazy Loading with Facades](https://wordpress.org/plugins/youtube-embed-plus/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/youtube-embed-plus/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/youtube-embed-plus/)
 * [Active Topics](https://wordpress.org/support/plugin/youtube-embed-plus/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/youtube-embed-plus/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/youtube-embed-plus/reviews/)

 * 2 replies
 * 2 participants
 * Last reply from: [embedplus](https://wordpress.org/support/users/embedplus/)
 * Last activity: [3 years, 12 months ago](https://wordpress.org/support/topic/security-issue-suggestion/#post-15810725)
 * Status: resolved