WebFaction

I've recently been asked to give admin status to a WordPress user and am trying to weigh the security implications. If they have access to edit the template and then use an exec() command, this seemingly would give them access to do whatever they wanted in any of my webapps folder.

Is there a way to limit PHP exec() commands and similar security problems to the webapp folder from which they arise? To at least limit the possible damage?

Thanks for any help or advice!

asked 27 Aug '13, 14:32

dhelma


At this time, all of your PHP scripts are executed as your main account user and will have permission to do anything that your main user does. For this reason, you should only give admin status to users that you can trust.


answered 27 Aug '13, 14:50

seanf

Placing define('DISALLOW_FILE_EDIT', true); in your wp-config.php will disable editing of any PHP scripts through the admin interface.

Just make sure they're not able to upload PHP scripts and that your server blocks code execution in upload directories.

http://codex.wordpress.org/Hardening_WordPress#Disable_File_Editing


answered 27 Aug '13, 16:34

HittingSmoke

edited 27 Aug '13, 16:35
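
An added example (not part of the answers above, and not WordPress or WebFaction code): a Python audit that checks whether wp-config.php actively sets DISALLOW_FILE_EDIT and lists files under the default wp-content/uploads directory whose names carry a PHP extension. The function names and the extension list are assumptions for illustration; the sample tree in the demo is constructed.

```python
import os
import re
import tempfile

# Extensions commonly routed to the PHP handler (assumption: match this to your server config).
PHP_EXTS = {"php", "phtml", "php3", "php4", "php5", "php7", "phps", "pht", "phar"}
DEFINE_RE = re.compile(
    r"define\s*\(\s*['\"]DISALLOW_FILE_EDIT['\"]\s*,\s*(true|1)\s*\)\s*;", re.I)

def strip_php_comments(src):
    """Remove /* */ blocks and whole-line // or # comments so a disabled define is not counted."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"(?m)^\s*(//|#).*$", "", src)

def file_edit_disabled(config_text):
    """True if the wp-config.php text actively sets DISALLOW_FILE_EDIT to true."""
    return bool(DEFINE_RE.search(strip_php_comments(config_text)))

def executable_uploads(uploads_dir):
    """Relative paths under uploads_dir with a PHP extension anywhere in the file name."""
    hits = []
    for base, _dirs, files in os.walk(uploads_dir):
        for name in files:
            # Look at every dotted part: some Apache handler setups also run 'x.php.jpg'.
            if set(name.lower().split(".")[1:]) & PHP_EXTS:
                hits.append(os.path.relpath(os.path.join(base, name), uploads_dir))
    return sorted(hits)

def audit(wp_root):
    """Check one WordPress tree, assuming the default wp-content/uploads location."""
    with open(os.path.join(wp_root, "wp-config.php"), encoding="utf-8", errors="replace") as fh:
        ok = file_edit_disabled(fh.read())
    uploads = os.path.join(wp_root, "wp-content", "uploads")
    return {"file_edit_disabled": ok, "php_in_uploads": executable_uploads(uploads)}

if __name__ == "__main__":
    # Constructed sample tree so the script runs offline.
    with tempfile.TemporaryDirectory() as root:
        up = os.path.join(root, "wp-content", "uploads", "2013", "08")
        os.makedirs(up)
        with open(os.path.join(root, "wp-config.php"), "w") as fh:
            fh.write("<?php\n// define('DISALLOW_FILE_EDIT', true);\n")
        for name in ("photo.jpg", "theme-helper.php"):
            open(os.path.join(up, name), "w").close()
        print(audit(root))
```

A clean result only shows that the in-dashboard editor is off and that no PHP files currently sit in uploads; the server-side rule that blocks execution in that directory still has to be verified separately.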


question asked: 27 Aug '13, 14:32

question was seen: 3,864 times

last updated: 27 Aug '13, 16:35

© COPYRIGHT 2003-2019 SWARMA LIMITED - WEBFACTION IS A SERVICE OF SWARMA LIMITED
REGISTERED IN ENGLAND AND WALES 5729350 - VAT REGISTRATION NUMBER 877397162
5TH FLOOR, THE OLD VINYL FACTORY, HAYES, UB3 1HA, UNITED KINGDOM