Support » Fixing WordPress » WordPress Security: media upload

Viewing 3 replies - 1 through 3 (of 3 total)
  • Hi @josefe03,

    I am not sure why the “name” would be a problem for security. If you are really concerned about the images that reside on your server, then you should think about how to protect the data. You could speak with your web hosting providers regarding the same so that they can give you options as to how your data can be protected.

    You may want to change over from HTTP to HTTPS. You could also get your entire code audited from a security expert to ensure no attacks (like sql injections) etc can be made via your code base.

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    I’ve moved this topic to the right place, this is not what “Hacks” is for.

    The file name doesn’t have anything to do with security and php will not interpret files that have the .jpg extension.

    You’re looking in the wrong place. 😉

    If you have a user who can upload files and you cannot trust that account then the problem isn’t that they can upload media files. The problem is that they can log into your site at all.

    You can restrict that via setting the account role to something harmless such as subscriber or contributor.

    https://codex.wordpress.org/Roles_and_Capabilities

    That will limit the account’s ability to just post and publish without any restrictions.

    Thanks @jdembowski

    The file name doesn’t have anything to do with security and php will not interpret files that have the .jpg extension.

    That was what I wanted to know, because I did´t know if anyone could do bypass those files.

    • This reply was modified 2 years, 11 months ago by  jd90.
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘WordPress Security: media upload’ is closed to new replies.