[wp-trac] [WordPress Trac] #26273: If possible, change file permissions on deactivated plugins so they're not web-accessible.
WordPress Trac
noreply at wordpress.org
Mon Jun 30 19:15:28 UTC 2014
#26273: If possible, change file permissions on deactivated plugins so they're not
web-accessible.
----------------------------+-------------------------
Reporter: kirrus | Owner:
Type: enhancement | Status: closed
Priority: normal | Milestone:
Component: Administration | Version:
Severity: normal | Resolution: maybelater
Keywords: | Focuses:
----------------------------+-------------------------
Changes (by TobiasBg):
* status: reopened => closed
* resolution: => maybelater
Comment:
Sorry, but editing plugin PHP files will not be a feasible solution here.
That's just too unreliable and risky, and there are too many things that
can go wrong, given the many different server configurations that
WordPress has to support.
Maintaining an .htaccess file (and similar for other webservers) might
work, but there are still too many what-ifs and situations that would not
be covered (and maybe can not be covered).
Meanwhile, if this is a concern for certain hosts, they could very well
proceed by blocking requests to PHP files in the plugins directory on
their servers, maybe with a custom white list of plugins.
Remember that this ticket can always be re-opened if a specific way on how
to proceed comes up or someone finds a feasible strategy. Please let's
leave this closed until that.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/26273#comment:13>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list