Prior to version 1.4, Portable phpMyAdmin plugin used to be a zero-footprint plugin. Due to recent events involving its vulnerability, I have decided to add a security key.
This security key is generated when the plugin is first activated, and then stored inside WordPress’ options table. The key is unique to each blog, and once generated, it cannot be changed or deleted. As the phpMyAdmin utility is loaded inside an iframe, it is required to verify if the user has an administrator role and the key parameter is the same as the stored one. This process completely eliminates external access to /pma/ folder, or any other subfolder.
Along with this security enhancement, I have continued my theme quest and tweaked the user interface a bit, moved some boxes, added some styles and removed some unused functions.
Please upgrade to version 1.4 (or higher).
If you found any value in this post, agree, disagree, or have anything to add - please do. I use comments as my #1 signal for what to write about. Read our comment policy before commenting! Comments such as "Thank you!", "Awesome!", "You're the man!" are either marked as spam or stripped from URL.