[wp-trac] Re: [WordPress Trac] #6473: Wordpress 2.5 fails to allow file uploads if you use .htaccess to secure wp-admin

WordPress Trac wp-trac at lists.automattic.com
Mon Apr 20 11:03:04 GMT 2009


#6473: Wordpress 2.5 fails to allow file uploads if you use .htaccess to secure
wp-admin
-------------------------+--------------------------------------------------
 Reporter:  hexley       |        Type:  defect (bug)
   Status:  new          |    Priority:  low         
Milestone:  2.9          |   Component:  Upload      
  Version:  2.5          |    Severity:  normal      
 Keywords:  needs-patch  |  
-------------------------+--------------------------------------------------

Comment(by hexley):

 I am not even sure this is an issue anymore.  I would need to test.  If
 you are going to pass user:pass@ and rely on SSL, I would just forget it,
 and leave it as is. The point of .htaccess to secure wp-admin is to add
 another layer of security.  If you pass the user and pass along like that,
 I believe you make it worse.

 It has been 13 months and I have not heard a lot of noise on this, I guess
 a lot of people do not care.  Strange thing is, most "hardening" wordpress
 articles, say to use .htaccess to secure things.

 It may be possible to just rename wp-admin, if not, it should be, as I
 would rather have security by obscurity in this case.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/6473#comment:12>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list