[wp-trac] [WordPress Trac] #26273: If possible, change file permissions on deactivated plugins so they're not web-accessible.
WordPress Trac
noreply at wordpress.org
Sun Jun 29 20:18:49 UTC 2014
#26273: If possible, change file permissions on deactivated plugins so they're not
web-accessible.
----------------------------+-----------------------
 Reporter:  kirrus          |       Owner:
     Type:  enhancement     |      Status:  reopened
 Priority:  normal          |   Milestone:
Component:  Administration  |     Version:
 Severity:  minor           |  Resolution:
 Keywords:                  |     Focuses:
----------------------------+-----------------------
Comment (by TobiasBg):
Ok, but where would you run that code? Running it in WordPress core won't
work, as a direct access to a plugin file will not trigger it, as plugins
don't load the WordPress files.

The only real possibilities here would be plugins blocking direct file
execution by themselves (which many do with a check like
`defined( 'ABSPATH' ) or die();`), or to block the entire request on the
server level. This would require that WordPress maintains a "blacklist" (in
.htaccess files and similar) which is just too risky and error-prone for
server configuration changes.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/26273#comment:11>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
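
A way to audit a plugin directory for the `ABSPATH` self-check mentioned in the comment above, added here as an illustration and not part of the ticket or of WordPress core. The function names, the regular expressions and the constructed sample files are assumptions, and the match is a heuristic that recognises only the two common spellings of the check.

```python
import re
import tempfile
from pathlib import Path

# Strip PHP comments first so a commented-out guard does not count.
# Heuristic: "//" or "#" inside a string literal is also cut to end of line.
_COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)

# The two common spellings of the ABSPATH check (assumed forms, not exhaustive).
_GUARD = re.compile(
    r"""defined\s*\(\s*['"]ABSPATH['"]\s*\)\s*(?:or|\|\|)\s*(?:die|exit)\b"""
    r"""|if\s*\(\s*!\s*defined\s*\(\s*['"]ABSPATH['"]\s*\)\s*\)\s*\{?\s*(?:die|exit)\b""",
    re.I,
)

# Constructed sample plugin tree: relative path -> file contents.
SAMPLE_PLUGIN = {
    "guarded.php": "<?php\ndefined( 'ABSPATH' ) or die();\nadd_action( 'init', 'demo_init' );\n",
    "guarded_if.php": "<?php\nif ( ! defined( 'ABSPATH' ) ) {\n\texit;\n}\n",
    "commented.php": "<?php\n// defined( 'ABSPATH' ) or die();\necho 'hi';\n",
    "includes/bare.php": "<?php\necho 'runs on direct request';\n",
}

def has_guard(php_source):
    """True if the source contains an active ABSPATH-or-die check."""
    return bool(_GUARD.search(_COMMENTS.sub("", php_source)))

def unguarded_files(plugin_dir):
    """Sorted relative paths of .php files with no ABSPATH check."""
    root = Path(plugin_dir)
    return sorted(
        p.relative_to(root).as_posix()
        for p in root.rglob("*.php")
        if not has_guard(p.read_text(encoding="utf-8", errors="replace"))
    )

def write_sample(plugin_dir):
    """Write SAMPLE_PLUGIN under plugin_dir."""
    for rel, body in SAMPLE_PLUGIN.items():
        path = Path(plugin_dir) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        write_sample(tmp)
        for rel in unguarded_files(tmp):
            print("no ABSPATH check:", rel)
```

A file flagged here is only a candidate for review: a file that merely declares classes or functions produces no output on a direct request even without the check.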