• Resolved jjci

    (@jjci)


    In a number of topical solutions, people have added their custom PHP code to their site using Code Snippets as an easy and practical alternative to updating the functions.php file. However, I recall seeing at least one instance in this forum where use of Code Snippets was not recommended due to security concerns.

    I would appreciate any feedback because I plan to make extensive use of the PODS hooks. However, I have been unable to get them to work using the content blocks of my theme (Blocksy), and finally had to revert to using Code Snippets for this requirement (it worked perfectly).

    Do these security concerns still exist? If so, are they specific to PODS?

    If so, are these concerns specific to the Code Snippets plugin, or do they also apply to other similar plugins which do much the same thing?

    Any feedback would be appreciated.

Viewing 1 replies (of 1 total)
  • Plugin Support Paul Clark

    (@pdclark)

    Running PHP exec() on data stored in the database adds an additional attack vector. Plugins which store snippets to the database likely do this. One alternative is to create plugins by adding a plugin header with at least Plugin Name: as shown in the linked doc.

  • The topic ‘Are snippets a security risk?’ is closed to new replies.
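
The file-based alternative mentioned in the reply, as an added example that is not code from the thread or from any plugin named in it: a single-file plugin whose hook callback lives in a PHP file on disk, while the value it reads from the database is treated as data and escaped. The plugin name, function name, option name, and file path (`wp-content/plugins/site-custom-hooks/site-custom-hooks.php`) are hypothetical.

```php
<?php
/**
 * Plugin Name: Site Custom Hooks (example)
 * Description: Keeps site-specific hook callbacks in a file instead of a database-stored snippet.
 * Version:     0.1.0
 */

// Refuse direct HTTP requests to this file; it should only run when WordPress loads it.
defined( 'ABSPATH' ) || exit;

/**
 * Constructed example callback: append a notice to single posts.
 * Callbacks for hooks provided by other plugins are registered the
 * same way, with add_action() or add_filter().
 *
 * @param string $content Post content passed in by the_content filter.
 * @return string Filtered content.
 */
function site_custom_hooks_append_notice( $content ) {
	// Only touch the main loop of a single post view.
	if ( ! is_singular( 'post' ) || ! in_the_loop() || ! is_main_query() ) {
		return $content;
	}

	// The option value comes from the database (hypothetical option name).
	// It is displayed as data and escaped on output, never executed as code.
	$notice = get_option( 'site_custom_hooks_notice', '' );
	if ( ! is_string( $notice ) || '' === $notice ) {
		return $content;
	}

	return $content . '<p class="site-notice">' . esc_html( $notice ) . '</p>';
}
add_filter( 'the_content', 'site_custom_hooks_append_notice' );
```

Because the code is a file rather than a database row, changing it requires write access to the plugin directory, and the file can be covered by version control and file-integrity checks.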