[wp-trac] [WordPress Trac] #26273: If possible, change file permissions on deactivated plugins so they're not web-accessible.

WordPress Trac noreply at wordpress.org
Sun Jun 29 20:54:42 UTC 2014


#26273: If possible, change file permissions on deactivated plugins so they're not
web-accessible.
----------------------------+-----------------------
 Reporter:  kirrus          |       Owner:
     Type:  enhancement     |      Status:  reopened
 Priority:  normal          |   Milestone:
Component:  Administration  |     Version:
 Severity:  normal          |  Resolution:
 Keywords:                  |     Focuses:
----------------------------+-----------------------
Changes (by planetzuda):

 * severity:  minor => normal


Comment:

 Yes, best practice is for the plugin author to automatically do this, but
 this doesn't always happen. As previously stated, there are multiple ways
 to implement this. It could be implemented through the .htaccess or the
 code could be added to each plugin file when deactivate_plugins is run or
 similar functions. There are lots of other ways to handle this, like
 adding in /* and ending it at the beginning and end of each block of PHP
 code.

 Evaluating risk is important; however, it is a bigger risk not to fix this
 issue than to possibly run into some configuration problems. Kirrus said
 something very similar to this effect 7 months ago:
 https://core.trac.wordpress.org/ticket/26273#comment:6

--
Ticket URL: <https://core.trac.wordpress.org/ticket/26273#comment:12>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
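
The .htaccess approach mentioned in the comment could look like the sketch below; it is an added example, not code from the ticket or from WordPress core. It assumes a single-site install on Apache with AllowOverride enabled, and that the file is loaded as a must-use plugin so it cannot itself be deactivated. The `example_*` names and the marker string are hypothetical.

```php
<?php
/**
 * Added example: deny web access to a plugin's directory while it is deactivated.
 * Assumption: Apache honours .htaccess here; other web servers ignore the file.
 */

const EXAMPLE_MARKER = '# example-deactivated-plugin-lock'; // hypothetical marker

/** Return the plugin's own directory, or null for single-file plugins. */
function example_plugin_dir( $plugin ) {
	// $plugin is relative to the plugins root, e.g. "my-plugin/my-plugin.php".
	$sub = dirname( $plugin );
	if ( '.' === $sub || '' === $sub ) {
		// The file sits directly in the plugins root. A deny rule there
		// would cut off every active plugin, so leave it alone.
		return null;
	}
	return WP_PLUGIN_DIR . '/' . $sub;
}

function example_lock_plugin( $plugin ) {
	$dir = example_plugin_dir( $plugin );
	if ( null === $dir || ! is_dir( $dir ) ) {
		return;
	}
	$file = $dir . '/.htaccess';
	if ( file_exists( $file ) ) {
		return; // never overwrite rules the plugin ships itself
	}
	// Cover both Apache 2.4 (mod_authz_core) and 2.2 syntax.
	$rules = EXAMPLE_MARKER . "\n"
		. "<IfModule mod_authz_core.c>\nRequire all denied\n</IfModule>\n"
		. "<IfModule !mod_authz_core.c>\nOrder allow,deny\nDeny from all\n</IfModule>\n";
	file_put_contents( $file, $rules );
}

function example_unlock_plugin( $plugin ) {
	$dir = example_plugin_dir( $plugin );
	if ( null === $dir ) {
		return;
	}
	$file = $dir . '/.htaccess';
	// Remove the file only if this example wrote it.
	if ( is_file( $file ) && 0 === strpos( (string) file_get_contents( $file ), EXAMPLE_MARKER ) ) {
		unlink( $file );
	}
}

add_action( 'deactivated_plugin', 'example_lock_plugin' );  // fires after deactivation
add_action( 'activate_plugin', 'example_unlock_plugin' );   // fires before activation
```

Plugins that ship their own .htaccess, and single-file plugins in the plugins root, are left untouched by this sketch and would need one of the other approaches discussed in the ticket.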