New version 3.9.0 of WordPress File Upload plugin has just been released.
This is an important update, as it introduces several security improvements that prevent the upload of potentially dangerous files that could compromise or take control of the system, and that protect against upload overflow attacks.
There has been a change of policy regarding the allowed file extensions. A comprehensive list of extensions, mostly relating to code / script / executable files, is now forbidden. Furthermore, administrators are strongly recommended to define white lists of allowed extensions using the uploadpatterns attribute if they haven’t already done so. This will prevent unnecessary or irrelevant files from being uploaded. If they do not specify allowed extensions, then the plugin will allow only specific ones, based on the plugin’s default white list.
Another new security feature is protection against Denial-of-Service (DoS) attacks, in order to prevent the website from crashing due to an overflow of files. To do this, the plugin continuously monitors the number of files uploaded within a specific time period. If too many files are uploaded, the plugin stops the uploads and automatically notifies the administrator with an email message.
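The two controls described above, sketched in PHP as an added example; this is not the plugin's own code. The extension lists, the thresholds (20 uploads per 60 seconds), the function names check_upload_name and allow_upload, and the comma-separated wildcard form assumed for uploadpatterns are all assumptions, as is the choice to test every extension segment of a name.

```php
<?php
// Added illustration, not the plugin's code. Both lists are constructed samples.
const FORBIDDEN_EXT = ['php', 'phtml', 'phar', 'js', 'exe', 'sh', 'pl', 'cgi', 'htaccess'];
const DEFAULT_ALLOWED = ['*.jpg', '*.png', '*.pdf', '*.txt'];

/** Returns null when the name is acceptable, otherwise the reason for rejection. */
function check_upload_name(string $name, ?string $uploadpatterns = null): ?string {
    $name = strtolower(rtrim(basename($name), ". ")); // normalise case, trailing dots/spaces
    $parts = explode('.', $name);
    array_shift($parts); // drop the base name, keep every extension segment
    if (!$parts) return 'no extension';
    // The forbidden list always wins and is checked on every segment,
    // so a double extension such as "shell.php.jpg" is refused as well.
    foreach ($parts as $ext) {
        if (in_array($ext, FORBIDDEN_EXT, true)) return "forbidden extension .$ext";
    }
    // Admin-defined patterns if present, otherwise the default white list.
    $patterns = $uploadpatterns !== null && trim($uploadpatterns) !== ''
        ? array_map('trim', explode(',', strtolower($uploadpatterns)))
        : DEFAULT_ALLOWED;
    foreach ($patterns as $p) {
        if (fnmatch($p, $name)) return null;
    }
    return 'not in allowed patterns';
}

/** Sliding-window counter: true while uploads stay within $max per $window seconds. */
function allow_upload(array &$stamps, int $now, int $max = 20, int $window = 60): bool {
    $stamps = array_values(array_filter($stamps, fn($t) => $t > $now - $window));
    if (count($stamps) >= $max) return false; // caller stops uploads and emails the admin
    $stamps[] = $now;
    return true;
}

// Constructed sample inputs.
foreach (['photo.JPG', 'shell.php.jpg', 'run.phtml.', 'notes.docx'] as $f) {
    printf("%-14s %s\n", $f, check_upload_name($f) ?? 'accepted');
}
printf("%-14s %s\n", 'notes.docx', check_upload_name('notes.docx', '*.docx, *.pdf') ?? 'accepted');
$stamps = [];
for ($i = 0, $blocked = 0; $i < 25; $i++) {
    if (!allow_upload($stamps, 1000 + $i)) $blocked++;
}
echo "blocked $blocked of 25 uploads in one window\n";
```

Checking every segment is deliberately strict: it also refuses harmless names such as report.js.pdf, which is the kind of previously allowed upload an administrator may need to rename.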
You can check more details in the Release Notes of the plugin’s support page.
Please note that this update may affect the behavior of the plugin and may prevent the upload of files that were previously allowed. A separate article will be published within the next days to provide more information about the new extension policy and solutions to problems that may arise. In any case, users with problems can contact Iptanus for instructions.
Users who have purchased the Professional version of the plugin can download the latest one by logging into their Iptanus account, selecting the order and downloading the new file. Instructions for installing the new version can be found here.
Users of the Free version can update to the latest one using the Update feature of the Plugins section of their Dashboard.
The Iptanus team is constantly striving to make the WordPress File Upload plugin more user friendly and more bug free, so it will continue issuing new releases. As a reminder, users of the Professional version will have free updates of the plugin for a lifetime!!!
For any questions, bugs or information please contact us.
The Iptanus team