如果我在wordpress安装中创建文件夹,是否存在安全问题?
[英]Is there a security issue if I create folders inside a wordpress installation?
问题描述
I have the newest wordpress installed in "example.com". 
我在“ example.com”中安装了最新的wordpress。
If I create the folder "example.com/my-app/" and there run index.php which fetches data from mysql, but not from the wordpress database (different user, different db), is there a security issue? 如果我创建文件夹“ example.com/my-app/”,然后运行index.php,它从mysql而不是从wordpress数据库(不同的用户,不同的数据库)中获取数据,是否存在安全问题?
And if someone hacks into my wordpress account can they read the php files in "my-app/"? 如果有人侵入我的wordpress帐户,他们可以读取“ my-app /”中的php文件吗?
1 个解决方案
解决方案1
1 已采纳 2010-11-22 15:24:36
If I create the folder "example.com/my-app/" and there run index.php which fetches data from mysql, but not from the wordpress database (different user, different db), is there a security issue?
Not as such, no. 不是这样,不。
And if someone hacks into my wordpress account can they read the php files in "my-app/"?
I think so. 我认同。 As far as I know, in the default setting, Wordpress does not offer the possibility of entering PHP code that gets executed, but there are plugins for that, eg Exec-PHP . 据我所知,在默认设置下,Wordpress不能提供输入要执行的PHP代码的可能性,但是有一些插件,例如Exec-PHP 。
Seeing as an administrator can install such a plugin (or simply write one themselves) you have to assume that it is in fact possible to read and write PHP files from within Wordpress if somebody gains access to the administrator account. 看起来管理员可以安装这样的插件(或自己编写一个插件),您必须假设,如果有人获得了管理员帐户的访问权限,实际上就可以从Wordpress中读写PHP文件。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.