Hi, just curious of the implications of old disabled plugins or products being a security risk. If the plugin has old files on the server can these files be used to compromise security? I have several old plugins that are disabled. I am hesitant to "uninstall" some products as this once crashed my database. So I am thinking the best move it to leave the products and plugins disabled but remove any files related to them in the filesystem. Is this advisable or a waste of time? Thanks
can old disabled plugins be a security risk?
Collapse
X
-
the crash was a while ago and it put me off wanting to do anymore uninstalls. I'll definitely go through and clean out the filesystem though, and I guess instead of uninstall it is safest to just delete the old plugins from the plugins view? This way the database will not be touched and the plugin will be removed? ThanksComment
-
It's always nice to have cleaned up software thou... Disabled plugins and products can be a security risk it's not supported anymore and files of it are left on ftp. Disabled plugins not using any files should be no risk at all.No private support, only PM me when I ask for it. Support in the forums only.Comment
-
This said however, you should remove all files related to plugins that are no longer used as a matter of cause.Comment
-
They could be, yes.
That would depend on the security risk IMO. If these files can be accessed/run directly then they may well be a security risk. IMO if something is a vulnerable plugin, unless you know what exactly is vulnerable you should uninstall the plugin and remove all files related to it.
This said however, you should remove all files related to plugins that are no longer used as a matter of cause.
That's correct.No private support, only PM me when I ask for it. Support in the forums only.Comment
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Comment