Jump to content


Welcome to the forum:

Welcome to the iThemes, PluginBuddy and WebDesign.com forum. We've created several tutorial video's to help you get you started with using the forum, please check them out!

Also take note of the forum guidelines.


Support hours:

Our moderators actively respond to forum support requests during normal business hours which are Monday-Friday, 8am - 5pm Central Standard Time, typically within one business day. Although some moderators choose to work during the weekends, we can not guarantee immediate attention to your requests. Thanks for understanding.

What is included with support:

Premium support includes theme/plugin issues such as: bugs encountered under normal operation, how to use basic features, basic WordPress help, and basic help with customization (meaning we point you to resources and will help in more depth as time allows). More information.

information

Ithemes Security: Some Flaws



This topic has been archived. This means that you cannot reply to this topic.
1 reply to this topic

#1 Guest_Mario_*

Guest_Mario_*
  • Guests

Posted 07 August 2014 - 11:44 AM

Hi there,

I am just checking the iThemes Plugin which IMO is the the best plugin for WordPress if ure looking for a complete package.
But still, it has some flaws that should be fixed if you ask me, because they might give the user a wrong feeling about his/her safety:

- "User's nicknames are different from their display name.": Thats not true. Yes, it will prevent NEW users from choosing the same nick as their username or users editing their nick to their username. But for already existing users, this does not change anything. That is IMO a major flaw, because the admin account will be most likely not edited and you still have this issue.
- Why should I make my .htaccess writable? iThemes does not properly work if the .htaccess is not writable. I do not want this file to be writable, I may not want the apache process (and with it any malware) to be able to change this. WordPress can handle this when setting up permalink structure and tells you to edit the .htaccess file on your own.
iThemes tells me to contact support, but still, all features that were checked and need to change the htaccess tell the user to be enabled and give a wrong safety with this.
I think iThemes somehow needs to check if its settings are really applied to the htaccess file.

- Suggestion: Add disabling PHP execution in the uploads folder to One-Click setup. This is a feature that can really prevent malware to spread on your server after a user account has been compromised.


Thanks for the great plugin!

Mario

#2 Gerroald

Gerroald

    iThemes Support

  • Moderators
  • Others: All Plugins, All Themes, Toolkit, Webdesign
  • 3,507 posts

Posted 07 August 2014 - 03:08 PM

Hey Mario,

Thanks for the feedback, and kind words!

I've recorded your suggestions to our internal project management board and informed the developer.

Please let us know if you have any other suggestions.

Thanks,

Gerroald