On 05/13/2012 05:32 PM, Russell Coker wrote:
> There are lots of people who choose Wordpress because it seems to provide a
> lot of features that other systems don't provide, which includes a significant
> set of free themes and plugins which are available from Wordpress.org (not in
> Debian).

From my experience, the fewer plugins you use, the safer you are with WordPress. If you let your users install whatever plugins they want without running WordPress in a chroot, then it's a security disaster, IMO.

I have countless examples of PHP files uploaded, then executed to run phishing sites, spam, etc. So much so that now I require users to manually chmod +x all their PHP files before they can run, as uploaded PHP files won't be +x by default (it's a nice security safeguard anyway).

Thomas