[wp-trac] [WordPress Trac] #26273: If possible, change file permissions on deactivated plugins so they're not web-accessible.
WordPress Trac
noreply at wordpress.org
Sun Jun 29 20:54:42 UTC 2014
#26273: If possible, change file permissions on deactivated plugins so they're not
web-accessible.
----------------------------+-----------------------
Reporter: kirrus | Owner:
Type: enhancement | Status: reopened
Priority: normal | Milestone:
Component: Administration | Version:
Severity: normal | Resolution:
Keywords: | Focuses:
----------------------------+-----------------------
Changes (by planetzuda):
* severity: minor => normal
Comment:
Yes, best practice is for the plugin author to automatically do this, but
this doesn't always happen. As previously stated There are multiple ways
to implement this. It could be implemented through the .htaccess or the
code could be added to each plugin file when deactivate_plugins is ran or
similar functions. There are lots of other ways to handle this, like
adding in /* and ending it at the beginning and end of each block of PHP
code.
Evaluating risk is important, however it is a bigger risk not to fix this
issue then to possibly run into some configuration problems. Kirrus said
something very similar to this affect 7 months ago
https://core.trac.wordpress.org/ticket/26273#comment:6
--
Ticket URL: <https://core.trac.wordpress.org/ticket/26273#comment:12>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list