We test our system daily, checking whether PHP allows bad formats in upload routines.
I recently discovered that developers uploaded a plugin with examples that allow people to send PHP files to the server.
I know the best way is to delete these files (and block PHP execution on upload folders).
We are following all the very best practices, but this still somehow got past our eyes; for example, the official plugin folder is blocked from PHP execution.
But I want to increase security further, without depending on the developers. I am searching for some way to block uploads by extension in php.ini. Is that possible? How can we do that?
Thank you.
Asked by Luciano Andress Martini
(6926 rep)
Oct 19, 2016, 05:15 PM