[wp-trac] Re: [WordPress Trac] #1038: Limit access to php files

WordPress Trac wp-trac at lists.automattic.com
Tue Nov 21 21:21:45 GMT 2006

#1038: Limit access to php files
 Reporter:  anonymousbugger  |        Owner:  matt   
     Type:  defect           |       Status:  closed 
 Priority:  lowest           |    Milestone:         
Component:  Security         |      Version:  2.0.2  
 Severity:  trivial          |   Resolution:  wontfix
 Keywords:  needs-patch      |  
Changes (by foolswisdom):

  * keywords:  bg|needs-patch => needs-patch
  * status:  assigned => closed
  * resolution:  => wontfix
  * milestone:  2.1 =>


 Closing ticket as WONTFIX. Ticket has not been updated in 7 months.

 It seems two issues are discussed in this bug:[[br]]
 1. What if I web server problem resulted in served up php files being
 displayed in plain text, specifically wp-config.php [[br]]
 2. Source php files in wp-include being directly called for malicious

 The discussion has not resulted in any patches, though it sounds like ```
 <?php defined('__WP__') || die(''); ``` would be accepted for the
 appropriate php files.

 Changing to enhancement b/c no real issue shown to be defective. As the
 priority of "lowest" reflects, and the lack of recent "progress", does not
 seem worth keeping this ticket open longer.

Ticket URL: <http://trac.wordpress.org/ticket/1038#comment:16>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list