swfupload & wp security (1 post)

  1. profotomedia
    Posted 7 years ago #

    One of the recommended security procedures for protecting WordPress is to password protect the /wp-admin/ directory.

    However, if you do that, you break the SWFUpload capability because SWFUpload does not pass along the BASIC_AUTH variable (if set) in the requests or communication.

    There is currently a workaround using <Files> with Allow from that exposes async-upload.php, but a cleaner solution would be to have SWFUpload detect when BASIC_AUTH (PHP_AUTH_USER, PHP_AUTH_PW) is set and pass that along through the Flash requests/connections.

    Then /wp-admin/ could be completely protected via htaccess without exposing any files.
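
The `<Files>` workaround the post mentions, written out as an added example that is not part of the original post: Basic auth covers everything under /wp-admin/ except the one upload endpoint SWFUpload calls. The `.htpasswd` path and realm name are placeholders, and Apache 2.2 access-control syntax is assumed.

```apache
# /wp-admin/.htaccess
# Assumptions: Apache 2.2 directives; AuthUserFile path and AuthName are placeholders.

# Require a password for everything under /wp-admin/
AuthType Basic
AuthName "Restricted"
AuthUserFile /path/to/.htpasswd
Require valid-user

# Exception for the Flash uploader, which does not send the Basic auth
# credentials. "Satisfy Any" lets a request through if EITHER the host
# rule (Allow from all) OR the password rule passes, so this one file is
# reachable without the Basic auth prompt and is guarded only by
# WordPress's own login check.
<Files "async-upload.php">
    Order allow,deny
    Allow from all
    Satisfy Any
</Files>
```

On Apache 2.4 without mod_access_compat, the body of the `<Files>` block would be `Require all granted` instead. Either way the exception should name only `async-upload.php`, so no other file in the directory loses the password layer.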
