FAQ/Security

From: WordPress Codex Japanese Version
Revision as of 14:46, 24 January 2010 (Sunday) by Bono (copied from the en:FAQ Security revision of 16:53, 23 January 2010 by MichaelH, for translation)

Where do I report security issues?

Send an email with the details to security@wordpress.org.


Where do I report copyright infringements, libel, and other legal issues?

You don't! WordPress.org does not host sites. WordPress.org provides publishing software that anyone can download and use. The organization, WordPress.org, has no control over who uses the software or how they use it. In other words, WordPress.org does NOT have the power to take down comments, posts, sites, or anything else. Perform a whois lookup to track down the operator or host of a particular site, then report the infringement to those organizations.


I've been hacked. What do I do now?

The Exploit Scanner plugin can help detect damage so that it can be cleaned up. Other things you should do:

Why are some users allowed to post unfiltered HTML?

Users with Administrator or Editor privileges are allowed to publish unfiltered HTML in post titles and content. WordPress is, after all, a publishing tool, and people need to be able to include whatever markup they need to communicate. Users with lesser privileges are not allowed to post unfiltered content. If you are running security tests against WordPress, use a less-privileged user so that all content is filtered. If you are concerned about an Administrator putting XSS into content and stealing cookies, note that all cookies are marked for HTTP-only delivery and are divided into privileged cookies used for admin pages and unprivileged cookies used for public-facing pages. Content is never displayed unfiltered in the admin. Regardless, an Administrator has wide-ranging super powers, among which unfiltered HTML is a lesser one.


Why are there path disclosures when directly loading certain files?

This is considered a server configuration problem. Never enable display_errors on a production site.
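
An added example (not part of the Codex page or of WordPress): a small Python check that reads php.ini-style text and reports whether display_errors is effectively enabled. The sample ini fragments are constructed, and the fallback to PHP's built-in defaults for unset directives is an assumption about a stock PHP build.

```python
import re

# Values PHP reads as "off". Anything else (On, 1, true, yes, stdout, stderr)
# is flagged; unrecognised values are flagged too, to stay conservative.
_FALSE = {"", "0", "off", "false", "no", "none"}
_DIRECTIVE = re.compile(r"^\s*([\w.]+)\s*=\s*(.*?)\s*$")


def effective_ini(text):
    """Parse php.ini-style text into {directive: value}; the last assignment wins."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0]  # drop ';' comments (simplification: ignores quoting)
        match = _DIRECTIVE.match(line)
        if match:
            settings[match.group(1)] = match.group(2).strip("\"'").lower()
    return settings


def audit(text):
    """Return findings for error settings that are unsafe on a production site."""
    settings = effective_ini(text)
    findings = []
    # Assumption: an unset directive falls back to PHP's built-in default ("1").
    if settings.get("display_errors", "1") not in _FALSE:
        findings.append("display_errors is on: error text, including file paths, reaches visitors")
    if settings.get("log_errors", "1") in _FALSE:
        findings.append("log_errors is off: errors are not written to the server log")
    return findings


# Constructed samples, not taken from a real server.
DEV_INI = """[PHP]
display_errors = On   ; handy while developing
log_errors = Off
"""
PROD_INI = """[PHP]
display_errors = On
display_errors = Off  ; later assignment overrides the line above
log_errors = On
"""

if __name__ == "__main__":
    for name, ini in (("dev", DEV_INI), ("prod", PROD_INI)):
        print(name, audit(ini) or "ok")
```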
