INDEX | RULES & INFORMATION | SUPPORT FORUM | DOCUMENTATION | SEARCH | MEMBERS | TWITTER | TERMS


 
Add Reply
New Topic
New Poll

 Wordpress Template Editor: Is it Evil?
Chakka
 Posted: Apr 1 2014, 05:50 AM
Quote

185 POSTS
28 YEARS OLD
N/A
09/29/2013
Male
Offline



Okay, so currently running up against a minor setback with a project I'm involved with at work and was wondering if anyone here could illuminate why?

Basically, I manage the online presence for several companies, one of which is a new acquisition and already has a significant user base. As such, I've been left in the less-than-ideal scenario of having a website that I'm in charge of maintaining, hosted by another company. By and large, that company is far more competent than our in-house team and generally I'm happy with staying with them (not that I have a choice tongue.gif) but their director has denied my request to be able to use the Wordpress Template Editor.

To be clear, the website uses Wordpress as it's CMS and I'm allowed admin access in order to update most other parts. However, the brand is going in a new direction and we really need flexibility on the front page right now, which the current theme is not great with. Anyway, point is it would everyone's lives easier if I could, but they're worried about security risks of doing so.

Now, I'm aware that people could inject malicious content onto the site from the Template Editor, but as far as I can see the root admin account has that access (it isn't blocked across the board) so allowing me the same access doesn't significantly increase the risk of a blunt-force login hack.

I'm also aware that, certainly in the past, it has been possible to inadvertently break files from incorrect PHP statements that would require the website dev team to fix my mess using FTP (which I won't get, ever, and that's fine) and I can understand trepidation of allowing an unknown third party access.

My question, or tl;dr, is: could I directly compromise their server and other hosted sites by using malicious database queries (or something) from the Template Editor AND could I not as easily infect their network by using the HTML editors on Post edit pages or even injection with an image? Or does the Template Editor pose a significant risk to them and should I concede that they know better tongue.gif

Cheers for any help!
PM
^
0 User(s) are reading this topic (0 Guests and 0 Anonymous Users)
0 Members:
Share this topic:
« Next Oldest | Technical Discussion | Next Newest »

Topic Options
Add Reply
New Topic
New Poll


 


 


Latest Shouts In The Shoutbox -- View The Shoutbox · Rules -