so i was just gonna update my blogs, and i thought it might be easier to do it via the automatic updates. but i notice that in order to set that up you need to submit your ftp login info on a non secure page.
so i was wondering who here uses the automatic updates and whether you’ve ever had - or heard of - any security issues from inputting ftp info.
thanks!
Re: wordpress automatic updates question
Never heard of any myself, and supposedly the ftp info is while the upgrade is being done, in other words, not stored or kept. Plus there is the secure ftp option, least it shows on mine.
Re: wordpress automatic updates question
I’ve been doing it since that option came out and never had any problems at all. You’re just as safe as using ftp in my experience.
Re: wordpress automatic updates question
i’m not seeing it as being as safe. consider this: wordpress hackers know how to find and intercept a lot of different things about wordpress. they could intercept the ftp info as you submit it. i guess i’ll do it, then change the login.
Re: wordpress automatic updates question
Good point. However, wouldn’t that have a lot to do with how safe your server and/or host is? What kind of safety precautions are in place?
Changing the login details is a good idea for sure.
Re: wordpress automatic updates question
i never trusted inputing my ftp details into wp for the same reason
Re: wordpress automatic updates question
I’ve been using the automatic updates for upgrading the Wordpress version and also for all plugins. I’ve never had any issues.
If I’m not mistaken, the FTP password is not stored in the WP MySQL database, this is only stored by your browser.
Re: wordpress automatic updates question
[QUOTE=Hammerhead;47268]I’ve been using the automatic updates for upgrading the Wordpress version and also for all plugins. I’ve never had any issues.
If I’m not mistaken, the FTP password is not stored in the WP MySQL database, this is only stored by your browser.[/QUOTE]
I just went and checked things out with my host and they also claim the ftp details aren’t stored in the WP database. I’m also looking for clarification and verification on that through the people at WordPress itself. That’s the best way to find out.
Re: wordpress automatic updates question
i realize that the info isn’t stored - you guys are missing my point. the reason wordpress has so many security issues is that hackers aren’t just looking for stored content - because they know wp so well, they can easily set up scripts to collect data as it is submitted.
Re: wordpress automatic updates question
The only way around this is to use Secure FTP so that the FTP password cant be sniffed when you do the upload.
I’m noticing that on my Wordpress installs on NatNet and Exmasters, I see the both the FTP and FTPS(SSL) radio buttons on the WP upgrade page. But with my blogs on Mojohost only the FTP choice appears.