Upload security question


#1

Hi all,

I am working on my first blog and would like to use the plugin “Quick Post Widget”. All works fine and blog visitors can even upload an image or movie. Automatically their own folder is created in the uploads folder of WordPress.
My worry is that the URL to the folder is visible and accessible through HTTP.
What if someone wants to be, let's say, very bad and uses this plugin on my blog and uploads some .exe file (with a changed extension, e.g. .jpg) or whatever to run a virus, or for whatever other bad reason, to sabotage my site or even the server on Dreamhost?
I don’t even know if it is possible since the widget only allows pictures and short movies (flash, avi, etc.), so the file extensions are set to .jpg or .avi and so on.
Of course only selected people will have access to this feature on the blog, but still I would like to be sure that it is 100% safe to use the widget, which is open to a selected public, but still I will not know them personally and all posts will be held for approval by me.

Hope I made myself clear and await your response.

Ron


#2

I am not sure if this is like a “drop-off only” or if they’re supposed to be allowed to access these files after they upload…

But most likely you are looking maybe here on the menu in the Control Panel: .htaccess/WebDAV

Through here, you can create a folder (say, the uploads folder) then make it password protected by checking that and entering in some user accounts/passwords… You can also block certain file types, and they have a few added in already for example. I would leave “WebDAV” unchecked, since these likely aren’t going to be WebDAV folders.

I am only days new to this interface, myself… so I’m still learning my way around, but hopefully that may steer you in the right direction?
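
The concern in post #1 (an executable renamed to .jpg) and the file-type blocking mentioned in post #2 can be checked on the content itself. The following is an added example, not part of either post and not the plugin's code; the names `sniff` and `check_upload`, the allow-list, and the sample uploads are assumptions made for illustration.

```python
import os

# Extensions the widget is said to accept, mapped to the content each should hold.
ALLOWED = {".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif",
           ".avi": "avi", ".flv": "flv"}
# Extensions that must not hide inside the name (e.g. "x.php.jpg").
RISKY = {"php", "phtml", "exe", "cgi", "pl", "sh"}

def sniff(data: bytes) -> str:
    """Identify a file by its leading bytes rather than by its name."""
    if data.startswith(b"\xff\xd8\xff"):
        return "jpeg"
    if data[:6] in (b"GIF87a", b"GIF89a"):
        return "gif"
    if data[:4] == b"RIFF" and data[8:12] == b"AVI ":
        return "avi"
    if data.startswith(b"FLV\x01"):
        return "flv"
    if data.startswith(b"MZ"):
        return "windows-exe"
    return "unknown"

def check_upload(filename: str, data: bytes):
    """Return (accepted, reason) for one uploaded file."""
    parts = os.path.basename(filename).lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext not in ALLOWED:
        return False, "extension not allowed"
    if RISKY.intersection(parts[1:-1]):
        return False, "risky inner extension"
    if b"<?php" in data.lower():
        return False, "embedded PHP tag"
    kind = sniff(data)
    if kind != ALLOWED[ext]:
        return False, f"content is {kind}, expected {ALLOWED[ext]}"
    return True, "ok"

# Constructed sample uploads (headers only, not real files).
SAMPLES = {
    "holiday.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",
    "setup.jpg": b"MZ\x90\x00\x03\x00\x00\x00",
    "clip.avi": b"RIFF\x24\x00\x00\x00AVI LIST",
    "photo.php.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",
    "banner.gif": b"GIF89a<?php echo 1; ?>",
}

if __name__ == "__main__":
    print({n: check_upload(n, b) for n, b in SAMPLES.items()})
```

A signature check only shows what a file claims to be, so it complements the folder-level restrictions from post #2 rather than replacing them.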