Conversation

Notices

1. Embed this notice
   Rimu (rimu@mastodon.nzoss.nz)'s status on Wednesday, 08-May-2024 15:52:19 JST Rimu

   @jalefkowit Yuup.

   Also.

   If you disable a plugin or theme it stops receiving security updates yet the files are still sitting there on your web server and can be executed by doing a request e.g. yoursite.com/wp-content/plugin/disabled-plugin/insecure_code.php

   • Embed this notice
     Rimu (rimu@mastodon.nzoss.nz)'s status on Thursday, 09-May-2024 06:46:14 JST Rimu

     in reply to

     • Advanced Persistent Teapot
     • Thomas Kräftner

     @http_error_418 @kraftner @jalefkowit That's my method too, plus delete a plugin after disabling it. If I remember...

   • Embed this notice
     Thomas Kräftner (kraftner@mastodon.social)'s status on Thursday, 09-May-2024 06:46:15 JST Thomas Kräftner

     in reply to

     @rimu @jalefkowit WP warns you about this. Also if a plugin has any code that runs by directly accessing a PHP file in it that is just a really shitty plugin one should avoid.

   • Embed this notice
     Advanced Persistent Teapot (http_error_418@hachyderm.io)'s status on Thursday, 09-May-2024 06:46:15 JST Advanced Persistent Teapot

     in reply to

     • Thomas Kräftner

     @kraftner @rimu @jalefkowit the problem with this is, to someone who's just installing the code by clicking a gui, how do you -know- it's shitty code you should avoid underneath?

     I try to keep myself safe by only using highly reviewed plugins with shit tons of downloads, but I know this is a fairly terrible crutch.