I am working on my first blog and would like to use the plugin “Quick Post Widget” All works fine and blog visitors can even upload an image or movie. Automatically their own folder is created in the uploads folder of wordpress.
My worry is that the URL to the folder is visible and accessable through http.
What if someone wants to be lets say very bad an uses this plugin on my blog an uploads some .exe (with a change extension to eg .jpg) file or whatever to run a virus or for what ever other bad reason to sabotage my site or even the server on Dreamhost.
I don’t even know if it is possible since the widget only allows pictures and short movie (flash, avi, ect.), so the file extentions are set .jpg or .avi and so.
Of course only selected people will have access to this feature on the blog, but still I would like to be sure that it is 100% safe to use the widget witch is open to selected public, but still I will not know them personally and all post will be held for approval by me.
Hope I made myself clear and await your respons.