Do Not Use this with Cloudflare Unless you want to loose control of all domains
-
I have updated my review as I received fast response and I also received a thank you for pointing out that a new feature is included in Cloudflare and they are updating their script to work with Cloudflare ignorer to protect Customers and their Cloudflare account. Fast response and a promise to fix deservers a change.
This plugin mandates that you use the Global API Key for Cloudflare CDN compatibility, which will compromise your Cloudflare account giving who ever hacks your WordPress site, the complete control over your Cloudflare account. This plugin will let the hacker change and manipulate all settings for all domains in your Cloudflare account.
If and when you are hacked this plugin will be your downfall for Cloudflare domains, if you use it for CDN Cloudflare compatibility. The Hacker will be able to manipulate all domains in the Cloudflare account.
Before you use this with Cloudflare CDN and give up your global API Key. I would make sure your know you are releasing complete control over your Cloudflare account and all domains in the Cloudflare, if and when the global key gets into the wrong hands.
FastCache need to fix this ASAP it is a very bad security issue and risk to everyones CDN Cloudflare account and all the domains you use Cloudflare to control.
All they need to do is use the WordPress API Token that you can create and NOT THE API GLOBAL KEY.
Never Give up your global API Key. To No App Ever.
Here is the Warning from Cloudflare.
“The Global API Key is an all purpose token that can read and edit any data or settings that you can access in the dashboard. ”
NEVER EVER GIVE ANYONE YOUR GLOBAL KEY ESPECIALLY YOUR WORDPRESS SITE OR PLUGINS>
- The topic ‘Do Not Use this with Cloudflare Unless you want to loose control of all domains’ is closed to new replies.