WordShell takes security very seriously. Of course we do – the purpose of the tool is to keep you up to date. We welcome responsible disclosure of any security problems you find.

If you believe you have found any security problems with WordShell, then please file a ticket or report them to: [email protected] You will receive a quick reply.

Security Notices:

  • (none yet)

Tips For Running WordShell Securely

You should remember that WordShell stores your FTP passwords in its configuration file. By default this is in .wordshell/rc in your home directory. Do not keep them on a machine that untrusted people can access.

Remember also that FTP is not always encrypted; data and passwords can be snooped ‘over the wire’. WordShell supports encrypted FTP, SFTP and FTP over TLS for encryption by default. We recommend you use one of those modes if your web host supports it.

Leave a Reply