[wp-trac] Re: [WordPress Trac] #6473: Wordpress 2.5 fails to allow
file uploads if you use .htaccess to secure wp-admin
WordPress Trac
wp-trac at lists.automattic.com
Mon Apr 20 11:03:04 GMT 2009
#6473: Wordpress 2.5 fails to allow file uploads if you use .htaccess to secure
wp-admin
-------------------------+--------------------------------------------------
Reporter: hexley | Type: defect (bug)
Status: new | Priority: low
Milestone: 2.9 | Component: Upload
Version: 2.5 | Severity: normal
Keywords: needs-patch |
-------------------------+--------------------------------------------------
Comment(by hexley):
I am not even sure this is an issue anymore. I would need to test. If
you are going to pass user:pass@ and rely on SSL, I would just forget it,
and leave it as is. The point of .htaccess to secure wp-admin is to add
another layer of security. If you pass the user and pass along like that,
I believe you make it worse.
It has been 13 months and I have not heard a lot of noise on this, I guess
a lot of people do not care. Strange thing is, most "hardening" wordpress
articles, say to use .htaccess to secure things.
It may be possible to just rename wp-admin, if not, it should be, as I
would rather have security by obscurity in this case.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/6473#comment:12>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list