Quick Post Widget, vs. TDO Mini Forms, ucan-post, UCan

Dear Colleagues:

I was using TDO Mini Forms plugin – (WP folks – WE NEED SOMETHING TO ALLOW USERS TO POST FROM THE FRONT PAGE!)

Not long ago I have leared, it was removed from repository.

I have found some pople use “Quick Post Widget”.

Drop here a link how YOU use, please.

Here is my concern: It is secure enough?

Here is a post on one of the small board:

______________________________
I got it working using “author” but my theme developper mentioned that it is not recommended as it present a greater security risk. My main concern, however, is preventing people from introducing malware via their posts. I already have the site protected by ZBBlock and was wondering if disabling media upload in your widget was sufficient or should I also disable the plugin editor? I am not technical and I much appreciate your input.

Developer:
The media upload component can be configured to allow only certain file extensions and a certain size. Look for the file:

wordpress\wp-content\plugins\quick-post-widget\mce\tinybrowser\config_tinybrowser.php

If you are in doubt just disable media upload.

Disabling the visual editor won’t change much because it’s merely a tool for easier posting. With the editor disabled you can, just by using the plain post box of the widget, still insert HTML etc.

I would say there’s no risk involved.

I only disabled media upload and the plugin is working fine.

————-

Thank you!

Admin
https://is.gd/eL3ECi