[wp-trac] [WordPress Trac] #36177: default htaccess should include security measures

Wed Mar 9 15:56:41 UTC 2016

#36177: default htaccess should include security measures
-------------------------+------------------------------
 Reporter:  lelutin      |       Owner:
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  Awaiting Review
Component:  Security     |     Version:
 Severity:  normal       |  Resolution:
 Keywords:               |     Focuses:
-------------------------+------------------------------

Comment (by lelutin):

 @makeonlineshop it's not so much that wordpress has no security, more that
 by default there could be some basic protections added.

 mind you, the proposed protections also only affect users that are using
 apache, which I would guess are the majority. nginx doesn't have
 dynamically loaded configuration files for individual sites like apache
 does (which arguably is a better model) so the better strategy is to have
 good documentation on how to setup nginx for wordpress, including some
 protection measures for file/directories access.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/36177#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform