[wp-trac] [WordPress Trac] #26273: If possible, change file permissions on deactivated plugins so they're not web-accessible.
WordPress Trac
noreply at wordpress.org
Sun Jun 29 08:56:36 UTC 2014
#26273: If possible, change file permissions on deactivated plugins so they're not
web-accessible.
----------------------------+-----------------------
Reporter: kirrus | Owner:
Type: enhancement | Status: reopened
Priority: normal | Milestone:
Component: Administration | Version:
Severity: normal | Resolution:
Keywords: | Focuses:
----------------------------+-----------------------
Changes (by planetzuda):
* status: closed => reopened
* resolution: wontfix =>
* severity: minor => normal
Comment:
May we make a suggestion that should satisfy everyone? If a plugin is
disabled, no file should be accessed directly, so it would be safe to
block access to the ABSPATH for every file in the plugin while
deactivated. While we know plugins should already block access to
sensitive files, they don't always.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/26273#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list