[wp-trac] [WordPress Trac] #42917: Add in htaccess
WordPress Trac
noreply at wordpress.org
Sat Dec 16 20:55:39 UTC 2017
#42917: Add in htaccess
-----------------------------+------------------------------
Reporter: gabrielmasson | Owner:
Type: feature request | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 4.9.1
Severity: normal | Resolution:
Keywords: | Focuses: performance
-----------------------------+------------------------------
Comment (by jeremyescott):
I'm no security expert, but wouldn't it be smarter for a user who
explicitly needs this to add it to their own site rather than enable it
for all? A lot of folders are created in wp-content/uploads without
index.php, including in my plugins, and this change would require me to
explicitly add (and re-check often that a user didn't delete) an index to
that folder. Without an index, if the user puts anything of value, it
could be exposed to the world. One of my plugins, lets users upload
sensitive documents in an employee onboarding process. IDK, this doesn't
seem like a great idea, security wise. I'm curious, instead, why you feel
this is necessary for all of core instead of something you can add per-
site, when needed?
If anything, perhaps some better documentation on this would be helpful.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/42917#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list