Protecting Your Elgg Site
Written by Rodolfo Hernandez Wednesday, 24 November 2010
Some people are telling Elgg users to disable a plugin called “HTMLAWED plugin” ( a plugin that comes as default in every Elgg install) so that they can embed content. This is not recommended.
The plugin mentioned above stops users from adding arbitrary HTML/PHP code onto your site that could break your site design and might even allow phishers to embed code in order to steal their passwords.
So, no matter what someone say, do not disable HTMLAWED. It could not only harm your website, but also harm/overload our servers. Not so long ago, there was a website in which someone uploaded a php script that overloaded one of Arvixe’s servers. It turned out that HTMLAWED was disabled and someone added a harmful code onto the site.
For more info about Elgg hosting solutions please visit Arvixe-Elgg Hosting