It is a security risk!!

  • chocofc1

    (@chocofc1)


    8 months ago

    This plugin requires to enable the PHP ‘allow_url_fopen’ which is a security risk, and specially in WP environment with so many badly designed plugins and themes, with constant security vulnerabilities that are constantly being exploited by malicious actors.

    Sooner or later your web site will be exposed and someone will take advantage of ‘allow_url_fopen’.

    Aside of that the plugin has over 3000 files and 400 directories, which is clearly a bad design, where each file increases the attack surface and introduces a possible vulnerability.

    You have been warned!

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator Yui

    (@fierevere)

    永子

    8 months ago

    PHP ‘allow_url_fopen’ is safe. you might have confused it with allow_url_include

    Plugin Support Saravanan S, a11n

    (@simplysaru)

    8 months ago

    Hi @chocofc1

    PHP allow_url_fopen is used by the extension to assist with integration with external APIs and services such as the Google merchant center, without which the functionality of the plugin will be very limited.

    I don’t believe the directory structure or the no of files defines the security of the extension. If you do have any security concerns or recommendations, do create a bug/enhancement here. The extension is developed in the open and your contributions to improve the security are most welcome.


    I reviewed your profile and any support threads you have created and couldn’t find any topics, where you have requested for help with your issues with Google For WooCommerce. If you need help, please create a new support thread, so we can assist you further? Thanks.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘It is a security risk!!’ is closed to new replies.