safe to update plugins via wp?

  • I noticed in my upgrade to 2.51 that they let you upgrade the plugin via the web interface.

    That would be cool functionality, but that sounds dangerous to me. Where is this information being stored?

    If the hacker got access to my database, wouldn’t he get access to my ftp account as well.

    I have sftp/scp. I noticed on the plugin upgrade interface that you can specify ssl. What does this mean? Does that mean it can send credentials in a secure way?

Viewing 1 replies (of 1 total)

  • My vote is against using it. There’s simply no way to even approach anything you can call secure, if you’re going around handing out your FTP login details.

    IMO that’s just ridiculous.

    This feature is a nice idea, but it should use http to pull the file to you — no credentials required.

Viewing 1 replies (of 1 total)
  • The topic ‘safe to update plugins via wp?’ is closed to new replies.