[wp-trac] [WordPress Trac] #32373: Allow For execution of code before login processing
WordPress Trac
noreply at wordpress.org
Fri May 22 10:47:43 UTC 2015
#32373: Allow For execution of code before login processing
-------------------------+----------------------
Reporter: Another Guy | Owner:
Type: enhancement | Status: closed
Priority: normal | Milestone:
Component: Security | Version: trunk
Severity: normal | Resolution: invalid
Keywords: | Focuses:
-------------------------+----------------------
Comment (by knutsp):
I think this enhancement proposal was closed for mostly wrong reasons or a
misunderstanding, but why ...
>> The only way for you to do what you're seeking to do is exactly what
DD32 suggested, because >> the wp-config file is loaded before the
bootstrap and is not overridden on WordPress updates. >> That is your one,
and your only option here.
> And that is a "hack" and not generally supported.
... is that a hack and not generally supported?
Editing `wp-config.php` for your own needs is not a hack, it's encouraged
for people with the necessary knowledge of PHP and WordPress. You can even
include another php script. You can do the checks (like is `wp-admin/` or
`wp-login.php` requested?) and then do the request filtering.
I sometimes do such things in there because I find it too difficult to do
in `.htaccess`. And on other server types I wouldn't have much clue.
In a very secure setup and a large organization I wouldn't allow `wp-
config.php`to be edited locally by every developer, and would place it in
the folder above public_html, having it include a more freely editable php
file in the public_html folder. Or vice versa, putting the secrets of `wp-
config.php` in a special included file with edit restrictions.
In my view, you should be able to do anything on the php level from in
there, knowing that `wp-config.php` is always included before the rest of
WordPress.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/32373#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list