[wp-trac] [WordPress Trac] #12988: Modify wp-load.php to search for wp-config.php 2 directories higher
WordPress Trac
wp-trac at lists.automattic.com
Tue Apr 13 20:08:26 UTC 2010
#12988: Modify wp-load.php to search for wp-config.php 2 directories higher
-------------------------+--------------------------------------------------
Reporter: chipbennett | Owner: ryan
Type: enhancement | Status: new
Priority: normal | Milestone: Unassigned
Component: Security | Version:
Severity: normal | Keywords: wp-load, wp-config
-------------------------+--------------------------------------------------
Currently, wp-load.php looks for wp-config.php both in the same directory
as wp-load, and also one directory higher. Thus, for the default use case
(WordPress installed in a subdirectory, e.g. public_html/wordpress/), wp-
config.php can be placed in /public_html/wordpress/ or /public_html/.
Due to security concerns (e.g. the recent Network Solutions wp-config.php
hack), it may be advantageous to move wp-config.php above the publicly
accessible /public_html/ directory altogether, as such:
`/wp-config.php
/public_html/wordpress/wp-load/`
Granted, anyone who would go to the trouble of moving wp-config would
probably not leave file permissions insecure. Even still, this would
provide an extra layer of security for obscuring database credentials.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/12988>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list