[wp-trac] [WordPress Trac] #12988: Modify wp-load.php to search for wp-config.php 2 directories higher
WordPress Trac
wp-trac at lists.automattic.com
Wed Apr 14 20:30:46 UTC 2010
#12988: Modify wp-load.php to search for wp-config.php 2 directories higher
--------------------------------+-------------------------------------------
Reporter: chipbennett | Owner: ryan
Type: enhancement | Status: closed
Priority: normal | Milestone:
Component: Security | Version:
Severity: normal | Resolution: wontfix
Keywords: wp-load, wp-config |
--------------------------------+-------------------------------------------
Comment(by westi):
Fake wp-config.php is the only reasonable solution to this.
We wouldn't have added the check for a folder up like we did if it wasn't
for the strong subversion managed install use-case - in that scenario a
fake wp-config.php just wouldn't work.
Don't forget moving wp-config.php outside public_html doesn't improve the
security of the file.
It will only protect you if the server stops processing the file as a php
file.
Where ever the file is the server security configuration and the file
permissions still need to be set correctly to adequately protect the
information within.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/12988#comment:12>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list