Categories
WordPress Security

Avoid File Manager plugin (critical security flaw)

File Manager plugin in WordPress is one of the most famous plugins with over 600,000 active installations. It allows users to browse, edit, and upload files and folders in your server that’s running WordPress.

CAUTION: We strongly recommend that you never use any type of file manager plugin or WordPress’s inbuilt file editor.

Vulnerability in File Manager Plugin

List of All Previous Vulnerabilities in File Manager Plugin
List of All Previous Vulnerabilities in File Manager Plugin

File Manager Plugin has been vulnerable almost every year and it had critical vulnerabilities most of the time. Recently a new zero-day exploit has been found in the site which is spreading havoc among website owners. Currently, there are over 300000 sites that are vulnerable to this exploit.

Alternative to File Manager Plugin in WordPress

There are many alternative plugins for file manager plugin, But I would strongly recommend none. In my view, you should not use any plugins for making changes to your WordPress files, not even the WordPress file editor. You should use SFTP instead to connect to your server and make changes to the site.

Disable Plugin & Theme editor in WordPress :

define( 'DISALLOW_FILE_EDIT', true );

You can use the above code in your wp-config.php file, to disable plugin and theme file editor in WordPress to avoid any unintended consequences. If you still want to use the plugin, make sure that you always use the latest version of the plugin and delete the plugin as soon as you finish using it.

If you have any doubts about your WordPress site being hacked or it’s extremely slow or you see any weird characters in google search results, when you search your website URL, then it could be an indication of your site being hacked. If you have any questions related to your WordPress site, feel free to contact me via the contact form or you can also contact WordPress experts from wpboys.com to help you clean up your website with their Website Malware Removal Service.

By Murali Kumar

Murali Kumar is a Full Stack Web Developer with over ten years of experience. He works mostly with small and medium-size businesses. He loves helping businesses with their WordPress based websites.

Leave a Reply

Your email address will not be published. Required fields are marked *