
File managers in tinyMCE and CKEditor

Many users of our tools install additions that can significantly affect the safety of their websites.

We do not recommend installing any file managers, including the file managers for WYSIWYG editors such as tinyMCE or CKEditor.

These additions have some advantages, but they also have two very serious flaws:
  1. In most cases the manager can be activated directly by loading its address, which is very easy to detect. Unfortunately, very few of them verify whether the addition was called from the administration panel or directly. An unprotected addition allows an intruder to add and delete files and to use this breach of security to upload undesirable content to the website.
  2. On Internet forums you can find information on all kinds of breaches of security in, for example, the popular Ajax File Manager, under the topic "Remote Code Execution Vulnerability". This error is no more than a couple of months old, and very few users update these additions. Our tools have the tinyMCE editor embedded in them. All the intruder has to do is see whether you have additionally installed, for example, the Ajax File Manager (which is very easy to check) and use the breach to upload unwanted content to your website.
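
The missing check described in point 1, as an added example that is not code from our tools, tinyMCE, CKEditor or any of the file managers named here: a guard included at the top of a file manager's entry script that refuses every request not coming from an authenticated administrator session. The session key names, the token parameter name and the script path are assumptions and must be adapted to the host application.

```php
<?php
// admin_guard.php -- added example, not part of tinyMCE, CKEditor or any of
// the file managers named on this page. Include it as the first line of a
// file manager's entry script (e.g. ajaxfilemanager.php) so that the script
// cannot be used by simply loading its address in a browser.
//
// Assumptions (hypothetical, adjust to the host application):
//   - the admin panel stores the logged-in user in $_SESSION['admin_user']
//   - the admin panel issues a per-session token in $_SESSION['fm_token']
//     and passes it to the file manager as the 'fm_token' request parameter

declare(strict_types=1);

if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

function deny(string $reason): void
{
    // Log every direct attempt: this is the event a site owner wants to see
    // when someone probes the site for an unprotected file manager.
    error_log(sprintf('filemanager denied (%s) ip=%s uri=%s',
        $reason,
        $_SERVER['REMOTE_ADDR'] ?? '-',
        $_SERVER['REQUEST_URI'] ?? '-'));
    http_response_code(403);
    header('Content-Type: text/plain; charset=utf-8');
    echo "Forbidden\n";
    exit;
}

// 1. Only requests from a logged-in administrator may continue. A request
//    that simply loads the script's address has no such session and stops here.
if (empty($_SESSION['admin_user'])) {
    deny('no admin session');
}

// 2. The request must also carry the token the panel issued for this session,
//    so a link or form planted on another site cannot drive the manager with
//    the administrator's browser (CSRF). hash_equals() is used to avoid a
//    timing side channel in the comparison.
$sent = $_POST['fm_token'] ?? $_GET['fm_token'] ?? '';
if (!is_string($sent) || empty($_SESSION['fm_token'])
    || !hash_equals($_SESSION['fm_token'], $sent)) {
    deny('missing or invalid token');
}

// From here on the original file manager code runs for administrators only.
```

The guard only closes the direct-access route from point 1; it does nothing about the known vulnerabilities from point 2, so the addition still has to be kept up to date, and the upload directory should be served with PHP execution disabled.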

This is why we do not recommend installing additions that enable uploading or deleting files or executing any PHP code. Additions that at this moment can be used for this are: Ajax File Manager, A&R FileManager and CKFinder (the last one is installed with CKEditor and in our opinion it is much harder to breach than the first two).

Website security is a very broad subject; you can find more information on it in the documentation.