[wp-trac] [WordPress Trac] #42917: Add in htaccess

WordPress Trac noreply at wordpress.org
Sat Dec 16 20:55:39 UTC 2017


#42917: Add in htaccess
-----------------------------+------------------------------
 Reporter:  gabrielmasson    |       Owner:
     Type:  feature request  |      Status:  new
 Priority:  normal           |   Milestone:  Awaiting Review
Component:  General          |     Version:  4.9.1
 Severity:  normal           |  Resolution:
 Keywords:                   |     Focuses:  performance
-----------------------------+------------------------------

Comment (by jeremyescott):

 I'm no security expert, but wouldn't it be smarter for a user who
 explicitly needs this to add it to their own site rather than enable it
 for all? A lot of folders are created in wp-content/uploads without
 index.php, including in my plugins, and this change would require me to
 explicitly add (and re-check often that a user didn't delete) an index to
 that folder. Without an index, if the user puts anything of value, it
 could be exposed to the world. One of my plugins, lets users upload
 sensitive documents in an employee onboarding process. IDK, this doesn't
 seem like a great idea, security wise. I'm curious, instead, why you feel
 this is necessary for all of core instead of something you can add per-
 site, when needed?

 If anything, perhaps some better documentation on this would be helpful.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/42917#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list