Using wp-load.php outside Wordpress. Security risk or not?

0 投票
最新提问 用户: (160 分)

I am using this outside Wordpress to get access to different Wordpress' tables:

define('WP_USE_THEMES', false);

It works perfectly. But is there a higher security risk? Can I be hacked that way if e.g. someone knows the name of the php script?

I am not passing any values to the script. It's just called by cron to create pseudo materialized views out of some very slow MySQL views for statistical purposes.


0 投票
最新回答 用户: (140 分)

When you use wp-load.php via external .php file , there will be always one Security Issue on SQL injections. Someone can use or inject SQL queries if external file have not much secure.

You can always secure that file via giving right permission (644) , not leaving any extra spacing before and after code. Also do not put the file directly in the root , you can place that file outside root or inside wp-content.

欢迎来到 Security Q&A ,有什么不懂的可以尽管在这里提问,你将会收到社区其他成员的回答。