Thursday, November 26 2015
  2 Replies
  1.5K Visits
  Subscribe
Hi -- in my testing WP Media Folder works with WordPress Multisite, but there are security implications. The "FTP Import" feature that lets you import entire directories will let admins browse and import ALL files in the WordPress installation. If some of your sites are restricted to registered users, their files can still be imported into other sites using this plugin.

For now I made a slight change so that FTP Import functionality is only available to super admins. Would it be possible to build in some safety for multisite installs?
The two approaches I can think of would be:

a) restrict folder browsing to the current users blog files
b) if running on multisite only allow the FTP Import feature to super admin users.

Thanks
Rod
D
Hi Rod,

Thanks for your feedback, I understand the point.
We'll think about and maybe restrict this functionality to the capability edit files which will allow it only super admins and admin of single site.

Best regards.

Damien
Y
6 years ago
Thanks for considering this change Darrien -- we have 1000+ sites. I expect a few dozen at most might use the WP Media Folder plugin. But we can't allow the possibility for them to import thousands of files from other sites.

Best,
Rod
  • Page :
  • 1
There are no replies made for this post yet.