Can a user spread virus on my Multisite?

1 Views

Can a user spread Virus or do an harm to Multisite Installation ? Can a user take a chance of using “HTML ” option in posts? In what ways do my Multi-site have chances to get attacked ?

Could you suggest me some precautions to follow with multisite ? I wanted to maintain Muilti-site for Public registrations with full features like any other Blogging platform does.

Post Views: 1

Related posts

Leave a Reply

3 comments

  1. Out of the box multisite has the same security as wordpress.com gives it users – being that it strips all kinds of extras, even if you are an administrator of your own blog. Super Admin has the basic WordPress permissions, everyone else does not.

    no iframes, no javascript, no code.

  2. Disclaimer – I am not experienced with multisite specifics.

    This depends on amount of access user is given:

    • ability to submit/run PHP code in any form – bad, should never be allowed;
    • ability to submit unfiltered HTML (+JavaScript) – unlikely to compromise installation itself, but can be abused to post malware on frontend.

    Overall this is quite specific case, which requires niche expertise. It is probably best to look for tutorials and consultations from people who specialize in such type of WP usage, rather than generic WP bunch.

  3. if the user can install plugin or theme then my answer is yes

    add:

    basically there is no difference between wpmu and normal wp.

    there many ways to attack a wp instance, especially when you rarely update your site.
    so the first tips is immediate update when an update is released.

    you can harden your installation by following this steps:
    http://codex.wordpress.org/Hardening_WordPress

    and in case you missed some steps, not allowing your users to install new theme and plugin would really help, user have a lot of power when they can upload and run php script.