Commit

Update src/govpress-unit/plugin-reviews.md
Co-authored-by: Ynda Jas <[email protected]>
jdudley1123 and yndajas authored Oct 4, 2023
1 parent 589eb69 commit 3a7b4bd
Showing 1 changed file with 13 additions and 13 deletions.
26 changes: 13 additions & 13 deletions src/govpress-unit/plugin-reviews.md
@@ -67,25 +67,25 @@ is unsafe.
A plugin inspection mostly involves checking these pattern matches to see if
they represent real issues.

## Checking for hosting-environment compatibility
## Checking for hosting environment compatibility

In addition to general security issues, the plugin should also be checked for
likely incompatibilities with the hosting environment.

These include, but are not limited to:

* Direct calls to php files (i.e. in URLs) under `wp-content`.
* Use of `/xmlrpc.php`.
* Assumption the directories other than `wp-content/uploads` or
`wp-content/cache` can be written to (unless otherwise configurable).
* Use of PHP sessions (check for `session_start()`)
* Assumption that `wp_` is the database prefix.
* Assumption that `/wp-admin/admin-ajax.php` can be accessed by non-logged-in
users.
* Reliance on PHP modules other than those suggested by WordPress core.
* Reliance on `.htaccess` files.
* Features likely to take more than 30 seconds to output responses, even
in the administrative interface.
* direct calls to PHP files (i.e. in URLs) under `wp-content`
* use of `/xmlrpc.php`
* an assumption that it's possible to write to directories other than
`wp-content/uploads` or `wp-content/cache` (unless otherwise configurable)
* use of PHP sessions (check for `session_start()`)
* an assumption that `wp_` is the database prefix
* an assumption that `/wp-admin/admin-ajax.php` can be accessed by users who
are logged out
* reliance on PHP modules other than those suggested by WordPress core
* reliance on `.htaccess` files
* features likely to take more than 30 seconds to output responses, even
in the administrative interface

## Writing up Inspections
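
Review bot: In the `/wp-admin/admin-ajax.php` item, "users who are logged out" reads more narrowly than the "non-logged-in users" it replaces, because it can be taken to mean only people who had a session and ended it, not visitors who never authenticated. Suggest "users who are not logged in", which keeps the plain wording and still covers every unauthenticated request a reviewer has to consider for that endpoint. A smaller style point in the same hunk: the heading is now "## Checking for hosting environment compatibility" in sentence case, while the context heading "## Writing up Inspections" still capitalises "Inspections", so it is worth aligning the two in this pass.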
