Contributor Role and Malicious Code

  • If I give my users CONTRIBUTOR role, will it they be able to inject malicious code? Will it be easier for them to hack the site?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator Yui

    (@fierevere)

    永子

    Yes and no.

    While contributor role is restricted (notably – not allowed to use unfiltered HTML) its easier to exploit existing (if you havent updated) and future vulnerabilities. This affects not only WP, but also (and even more!) themes and plugins that didnt care for proper access check.
    Generally you should now allow any access without compelling reason (and not just for WP!)

    Thread Starter matthew06

    (@matthew06)

    Thank you.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Contributor Role and Malicious Code’ is closed to new replies.