[wp-trac] [WordPress Trac] #26273: If possible, change file permissions on deactivated plugins so they're not web-accessible.
WordPress Trac
noreply at wordpress.org
Sun Jun 29 16:07:09 UTC 2014
#26273: If possible, change file permissions on deactivated plugins so they're not
web-accessible.
----------------------------+----------------------
Reporter: kirrus | Owner:
Type: enhancement | Status: closed
Priority: normal | Milestone:
Component: Administration | Version:
Severity: minor | Resolution: wontfix
Keywords: | Focuses:
----------------------------+----------------------
Changes (by Ipstenu):
* status: reopened => closed
* resolution: => wontfix
* severity: normal => minor
Comment:
That goes back to dd32's point though. If the plugin dev isn't doing it in
the file, then it's difficult to block PHP files for all possible server
configs (.htaccess works for Apache, but not IIS, nginx, etc.). Also, again,
Multisite. Sometimes a plugin is active on one site and not others, which
would make the file accessible and a vector for ALL sites on the network.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/26273#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform