[Louis Passano III]

With Wordfence plug-in I am alerted that some plug-ins under CBox have updates available.  I could download and install the updates through cpanel or http://FTP.  Should I do that, or would it break CBox?

Hearing often that we must keep our site updated to avoid malicious activity.  Have lots of folks finding and joining the site to post links to their sites.  How can I prevent subscribers from entering HTML in their posts and profiles.

Looks like two questions Updates and Security. – Louis

Link to my site <span class=”style1″>href=”http://jafanet.net&#8221; <span class=”red”>target</span>=<span class=”blue”>”_blank”</span> ></span>JafaNet<span class=”style1″></span></span>

 

 

 

 

[Scott Voth]

Hi Louis –

I imagine Wordfence will pick up the existence of any plugin updates – and you are free to jump ahead of course, but the beauty of CBOX is that it manages the plugins and the theme so that nothing will break and everything works well together.  The CBOX dev team is on top of security issues and will release a new version of CBOX with updated plugins if it deems such a release is necessary.

In terms of html in posts/comments – I think typically some are allowed – most stripped out.  (And the editor also allows some more formatting tags.)  See below:

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

There are probably plugins that you can install to adjust these, if you want to lock down further.

[Author]

Posts