Prevent customer from uploading a malicious file via an Upload Form

Home Forums BulletProof Security Free Prevent customer from uploading a malicious file via an Upload Form

This topic contains 2 replies, has 2 voices, and was last updated by  Samir 10 months, 3 weeks ago.

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #33237

    Samir
    Participant

    Hi

    We have a wordpress website that allows customers to upload pictures (eg. jpg, png) and may allow uploading videos as well.

    Does the plugin perform any sort of live scanning to the uploaded files that can protect the website against the threat of having a customer uploading a virus or a malicious code?

    I think “Uploads Anti-Exploit Guard (UAEG)” feature does a similar thing, but I am not sure if its scanning is live, periodic or manual. And I also need to know what it will do if it detected a malicious code.

    Thanks in advance

    #33238

    AITpro Admin
    Keymaster

    BPS and all other WP Security plugins do not interfere with other Plugins or Themes Upload Forms or anything else that is seen as normal functionality in in other Plugins or Themes.  If a Plugin or Theme has an Upload Form then the Upload Form code itself should have sanitization and validation security code to only allow certain file types to be uploaded using that Plugin or Theme Upload Form.  So as long as your Plugin or Theme Upload Form does not allow .php files or other executable file types to be uploaded then you do not need to worry about files after they are uploaded to your website.

    Regarding scanners/scanning for malicious code or files, all malicious code scanners can only detect obvious malicious code patterns and are not capable of detecting that a file is hacker file if the file does not contain any obvious malicious code patterns.  Currently BPS does not have a malicious code scanner for that reason, but we will be adding a malicous code/file scanner later to BPS.  Note: A scanner should only be used as confirmation that your site is already hacked.  Some plugins with malicious code/file scanners claim to be able to detect and remove all hacker files, which is simply not possible to do since some hacker files are intentionally created to not be detected by any/all scanners since they do not contain any obvious malicious code.

    BPS Pro UAEG blocks executable file types from being accessible or executed in your WordPress /uploads folder.  So if a hacker did somehow upload a hacker file to your WordPress /uploads folder then the hacker file would be useless to the hacker since that hacker would not be able view, process, access or execute the uploaded hacker file in your WordPress /uploads folder.

    #33293

    Samir
    Participant

    Thanks a lot ATI pro for your fast and detailed feedback

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.