Do not allow unfiltered uploads for admins by default
Reported by: ryan | Owned by: ryan
When someone compromises an admin account, often one of the first things they do is upload some .php files. This is allowed because admin users have the unfiltered_upload capability. Perhaps this should be disallowed by default, with a wp-config define enabling it again. With this disallowed and all write permissions on files locked down, adding arbitrary code is much harder even when an admin account is compromised.
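One way to get the proposed default on a site, as an added example that is not part of the ticket and not WordPress core code: a must-use plugin that denies `unfiltered_upload` to every user unless `wp-config.php` opts back in. The constant name `EXAMPLE_ALLOW_UNFILTERED_UPLOADS`, the function names and the mu-plugin file location are assumptions made for this example; the ticket does not name a define.

```php
<?php
/**
 * Added example, not WordPress core code.
 * Save as wp-content/mu-plugins/restrict-unfiltered-upload.php (hypothetical file name).
 *
 * To re-enable unfiltered uploads, add this to wp-config.php:
 *   define( 'EXAMPLE_ALLOW_UNFILTERED_UPLOADS', true );
 * EXAMPLE_ALLOW_UNFILTERED_UPLOADS is a hypothetical constant chosen for this example.
 */

/**
 * True only when the site owner has explicitly opted in via wp-config.php.
 * An undefined constant, or any value other than boolean true, keeps uploads filtered.
 */
function example_unfiltered_upload_allowed() {
    return defined( 'EXAMPLE_ALLOW_UNFILTERED_UPLOADS' )
        && true === EXAMPLE_ALLOW_UNFILTERED_UPLOADS;
}

/**
 * map_meta_cap filter: every current_user_can( 'unfiltered_upload' ) check
 * passes through here, whatever role the account holds.
 *
 * @param string[] $caps    Primitive capabilities required for $cap.
 * @param string   $cap     Capability being checked.
 * @param int      $user_id User the check is for.
 * @param array    $args    Extra context for the check (unused here).
 * @return string[] Capabilities the user must hold.
 */
function example_restrict_unfiltered_upload( $caps, $cap, $user_id, $args ) {
    if ( 'unfiltered_upload' !== $cap ) {
        return $caps; // Leave every other capability check untouched.
    }

    if ( example_unfiltered_upload_allowed() ) {
        return $caps; // Opted in: fall back to the role's own capability.
    }

    // 'do_not_allow' is a capability no role holds, so the check fails for
    // administrators too, and the upload handler keeps its file type
    // filtering in place for them.
    return array( 'do_not_allow' );
}
add_filter( 'map_meta_cap', 'example_restrict_unfiltered_upload', 10, 4 );
```

Because the switch lives in `wp-config.php` rather than in the database, a compromised admin session cannot flip it from the dashboard as long as file write permissions are locked down as the ticket describes.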