[wp-trac] [WordPress Trac] #18546: Add index.php to wp-includes and wp-admin/includes
WordPress Trac
wp-trac at lists.automattic.com
Wed Sep 5 16:59:20 UTC 2012
#18546: Add index.php to wp-includes and wp-admin/includes
----------------------------+------------------------------
Reporter: SergeyBiryukov | Owner:
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 3.2
Severity: normal | Resolution:
Keywords: has-patch |
----------------------------+------------------------------
Comment (by bpetty):
It really doesn't make any difference whether the WP-specific folders not
containing user content (possibly sensitive information) are directory
indexed or not, but I can certainly see a reason to silence directory
indexing on any folders containing installation-specific files (i.e. any
folder under wp-content).
So if this is something that is done, I would recommend that only the
following folders are included (there might be some other dynamic folders
missing here):
{{{
wp-content *
wp-content/blogs.dir/{$blog_id}/files (see multisite)
wp-content/cache (see RSSCache class)
wp-content/languages (see update_core())
wp-content/mu-plugins
wp-content/plugins *
wp-content/themes *
wp-content/upgrade (might not be necessary if only used for core update)
wp-content/uploads
wp-content/uploads/[YYYY]
wp-content/uploads/[YYYY]/[MM]
* These are already silenced.
}}}
Silencing wp-includes or wp-admin is really completely pointless, and
doesn't help secure anything or hide any sensitive content.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/18546#comment:6>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
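
An added example, not part of the ticket comment above and not WordPress code: a shell function that reports which of the wp-content folders listed in the comment exist but contain neither index.php nor index.html, so a web server with directory indexing enabled would list them. The function name `list_unsilenced` is hypothetical, and the four-digit year and two-digit month patterns are an assumption about how the `[YYYY]` and `[MM]` folders are named.

```shell
#!/bin/sh
# Added example: audit a WordPress tree for wp-content directories that
# have no index file. The function name is hypothetical.

# list_unsilenced WP_ROOT
# Prints, one per line and relative to WP_ROOT, each existing directory
# from the comment's list that has neither index.php nor index.html.
# Returns 2 if WP_ROOT has no wp-content directory.
list_unsilenced() {
    wp_root=$1
    if [ ! -d "$wp_root/wp-content" ]; then
        echo "no wp-content under $wp_root" >&2
        return 2
    fi
    (
        cd "$wp_root" || exit 2
        # Fixed folders from the list; the globs cover the dynamic ones:
        # blogs.dir/{$blog_id}/files, uploads/[YYYY], uploads/[YYYY]/[MM].
        for dir in \
            wp-content \
            wp-content/blogs.dir/*/files \
            wp-content/cache \
            wp-content/languages \
            wp-content/mu-plugins \
            wp-content/plugins \
            wp-content/themes \
            wp-content/upgrade \
            wp-content/uploads \
            wp-content/uploads/[0-9][0-9][0-9][0-9] \
            wp-content/uploads/[0-9][0-9][0-9][0-9]/[0-9][0-9]
        do
            # An unmatched glob stays literal and fails the -d test.
            [ -d "$dir" ] || continue
            if [ ! -f "$dir/index.php" ] && [ ! -f "$dir/index.html" ]; then
                printf '%s\n' "$dir"
            fi
        done
    )
}

# Run against a path when one is given on the command line.
if [ "$#" -gt 0 ]; then
    list_unsilenced "$1"
fi
```

Folders such as wp-includes and wp-admin are deliberately not checked, matching the comment's list.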