Support » Requests and Feedback » swfupload & wp security

  • profotomedia


    One of the recommended security procedures for protecting WordPress is to password protect the /wp-admin/ directory.

    However, if you do that, you break the SWFUpload capability because SWFUpload does not pass along the BASIC_AUTH variable (if set) in the requests or communication.

    There is currently a workaround using <Files> with Allow from that exposes async-upload.php, but a cleaner solution would be to have SWFUpload detect when BASIC_AUTH (PHP_AUTH_USER, PHP_AUTH_PW) is set and pass that along through the Flash requests/connections.

    Then the /wp-admin/ could be completely protected via htaccess without exposing any files.

  • The topic ‘swfupload & wp security’ is closed to new replies.