Nicolas

Should I be worried about the « /wp-content/uploads/admin-columns/ » folder?

Hi,

First of all, thanks for the work you’re putting into Admin Columns Pro.
It’s worth every penny I’ve spent over the years. Keep up the good work!

More and more of my clients use the export feature and I’ve noticed that each CSV download generates a binary CSV file in the « /wp-content/uploads/admin-columns/ » folder.
Should I be worried about the contents of that folder?
Is there any risk of revealing user/admin sensitive data?
Should it be protected at webserver level via a specific directive in an .htaccess file?

Thanks in advance.

2 weeks ago
Stefan
Developer

Thanks for your message.
Yeah, you’re right, although those files are not guessable, they could be accessed directly if you know the URL.
Once an export is served, there is no actual need anymore to keep it on the server. To be honest, I think this was something that we intended to make/fix but escaped our attention. I’ll put it on the roadmap again so we can write a script or something that occasionally removes all files that are older than x days.

I’m not sure if it is necessary to restrict the folder with htaccess, but you can surely clear all files in that directory since the files are not necessary anymore once an export file is downloaded.

1 week, 4 days ago
Nicolas

Hi Stefan,

Thanks for your answer.

Happy to know it’ll be back on your roadmap.

As I’m using your plugin to allow my customers to extract data from contact forms filled in by visitors, I need to make sure those generated files can’t be accessed (even though they seem to be AES-256 encrypted). Privacy and GDPR concerns here.
In the meantime, I’ll restrict access to the export folder with htaccess and set up a CRON to periodically remove those files.

Hope you’re able to fix this issue in an upcoming release soon.

1 week, 4 days ago
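
The interim measures discussed in this thread (deny web access to the export folder and purge old export files from cron), as an added example that is not part of the thread and not Admin Columns code. It assumes Apache with `.htaccess` overrides enabled for the uploads tree; the function names, the `EXPORT_DIR` and `MAX_AGE_DAYS` variables, the sample path and the age threshold are hypothetical.

```shell
#!/bin/sh
# Added example, not Admin Columns code. Assumes Apache honours .htaccess
# in the uploads tree and that served exports are no longer needed.

# Write an .htaccess that denies all web access (Apache 2.4 and 2.2 syntax).
write_deny_htaccess() {
    dir=${1%/}
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    cat > "$dir/.htaccess" <<'EOF'
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
</IfModule>
EOF
    chmod 644 "$dir/.htaccess"
}

# Delete regular files older than $2 days directly inside $1 and print how
# many were removed. The .htaccess guard itself is never deleted.
purge_old_exports() {
    dir=${1%/}
    days=$2
    # Only ever operate on a real (non-symlink) folder named admin-columns.
    case "$dir" in
        */admin-columns) ;;
        *) echo "refusing: $dir is not an admin-columns folder" >&2; return 1 ;;
    esac
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "refusing: $dir is not a real directory" >&2; return 1
    fi
    case "$days" in
        ''|*[!0-9]*) echo "age must be a whole number of days" >&2; return 1 ;;
    esac
    # One '.' is printed per successful removal, so odd filenames cannot skew the count.
    find "$dir" -maxdepth 1 -type f ! -name '.htaccess' -mtime "+$days" \
        -exec rm -f -- {} \; -exec printf '.' \; | wc -c | tr -d ' '
}

# Cron entry point (constructed path), runs only when EXPORT_DIR is set:
#   EXPORT_DIR=/var/www/example/wp-content/uploads/admin-columns sh purge.sh
if [ -n "${EXPORT_DIR:-}" ]; then
    write_deny_htaccess "$EXPORT_DIR" &&
        purge_old_exports "$EXPORT_DIR" "${MAX_AGE_DAYS:-1}"
fi
```

With `find`, `-mtime +1` matches files whose age is at least two full days, so pick the threshold with that rounding in mind. On servers that do not read `.htaccess` files the deny rule has no effect and the equivalent restriction belongs in the server configuration.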
