Disabling PHP execution in /uploads/

  • Resolved davemccourt

    (@davemccourt)


    5 years, 4 months ago

    Hi, I normally disable PHP execution in /uploads/ as a security measure (I’ve seen PHP code in uploaded files before). I usually use an .htaccess file to do this.

    I notice that Koko creates a file called pageviews.php

    Will Koko still work if PHP execution is disabled here?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support Lap

    (@lapzor)

    5 years, 4 months ago

    Koko will indeed not work if PHP execution is turned off for that file.

    Plugin Author Danny van Kooten

    (@dvankooten)

    5 years, 4 months ago

    Hello @davemccourt,

    Sorry, allow me to correct my colleague here.

    You can safely turn off PHP execution for the uploads directory even with Koko Analytics enabled.

    We only use that file for temporary data storage.

    The file has the PHP extension because we add a first line containing <?php exit; ?> which makes the file immediately exit when requested by a browser, thus making the file unreadable. Without this line someone could use it to guesstimate how much visitors your website is getting.

    So if you do turn off PHP execution, I recommend blocking access to that file in some other way (in your htaccess, for example).

    I hope that clarifies. If not, let us know please.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Disabling PHP execution in /uploads/’ is closed to new replies.