Home Forums WordPress, blogging, SEO File Manager WordPress plugin security flaw

Viewing 1 post (of 1 total)
  • Author
  • #4191 Reply

    The popular File Manager plugin for WordPress is a useful tool and 700,000 people use it according to the WordPress plugins catalog. It enables you to upload files directly to your web server where FTP is not available or you don’t want to use it for some reason (it’s the best way).

    A flaw was recently discovered in File Manager and it is actively being used by hackers to get into websites. The hacker uploads malicious files and takes over the site.

    Make sure you update the plugin. Also make sure that only the admin user has access to it. A file manager plugin (there are several), exposes the files in WordPress and gives the user the power to delete essential files, upload malware, or even take over the site. You only want an admin to have this power, not ordinary users.

    Check the security settings in the file manager plugin if you use one, there should be an option to restrict access to certain roles, like admin.

    More details at the Wordfence website.


Viewing 1 post (of 1 total)
Reply To: File Manager WordPress plugin security flaw
Your information: