Support » Everything else WordPress » Security risk with plugins for PHP

  • Hi Guys

    A great risk to all if you use a script plug in and flip between HTML and Visual view.

    If you use a php plug in and get your page to work, then when editing that page ensure you enter it in HTML and check your Tags and coding are still correct. If you do not, the result is catastrophic: WP rewrites half the tags so they are no longer valid tags and your PHP code is displayed on your WP page in public view for all to see.

    The same can be said if you use a form on your page. The minute you enter anything other than HTML view the form is stripped out and no longer works.

    Come on guys, apart from the security risk you cause to PHP users that need php code on their page, this is also damned annoying and it is about time WP sorted out the problem.

    Imagine having a site with over 300 items on there over various pages, each with their own form (a site I look after does), and without knowing you edit all these items in html view only to find you have to go back and re-enter the form for each item and then realise that the PHP has been stripped out and your code is visible for all to see.

    Why do you do this to us???


Viewing 1 replies (of 1 total)
  • Moderator Jan Dembowski


    Brute Squad and Volunteer Moderator

    I’ll likely be sorry for asking this, but what are you referring to…? Are you talking about the Visual Editor, a plugin, or something else?

    If you are editing HTML via the HTML view and it’s getting stripped out by the visual editor, that’s what it does. That’s not a security risk at all, at worst it’s an annoyance. If that’s it then consider switching off the visual editor in your account.


    Or do you mean something else?

  • The topic ‘Security risk with plugins for PHP’ is closed to new replies.