[wp-hackers] xmlrpc.php's location
Mike Little
journalized at gmail.com
Fri Sep 17 20:11:10 UTC 2004
On Fri, 17 Sep 2004 12:52:35 -0700 (PDT), Deirdre Saoirse Moen
<deirdre at deirdre.net> wrote:
> On Fri, 17 Sep 2004, C. Rummel wrote:
>
> > That is definitively the way to go, securitywise. Drawback is it makes
> > installation a lot more complicated. And not everybody has access to
> > directories outside of document root.
>
Chris, I agree. I wasn't advocating that WP *requires* the files
outside the doc root, but that a knowledgeable implementor *could* do
that. Just as (I think) you can currently do with wp-include.
> One other thing I use for my own web pages is that files that are ONLY
> included have a .inc suffix with an .htaccess that prevents them from
> being loaded directly.
>
That's something I hadn't thought of Deidre. Though the same potential
drawback exists, in that some people won't be able to use/modify
.htaccess
Mike
--
Mike Little
http://zed1.com/journalized/
More information about the hackers
mailing list