WordShell takes security very seriously. Of course we do – the purpose of the tool is to keep you up to date. We welcome responsible disclosure of any security problems you find.
- (none yet)
Tips For Running WordShell Securely
You should remember that WordShell stores your FTP passwords in its configuration file. By default this is in .wordshell/rc in your home directory. Do not keep them on a machine that untrusted people can access.
Remember also that FTP is not always encrypted; data and passwords can be snooped ‘over the wire’. WordShell supports encrypted FTP, SFTP and FTP over TLS for encryption by default. We recommend you use one of those modes if your web host supports it.