[wp-trac] [WordPress Trac] #42917: Add in htaccess
WordPress Trac
noreply at wordpress.org
Tue Jan 30 21:01:09 UTC 2018
#42917: Add in htaccess
-----------------------------+------------------------
Reporter: gabrielmasson | Owner:
Type: feature request | Status: closed
Priority: normal | Milestone:
Component: Security | Version: 4.9.1
Severity: normal | Resolution: duplicate
Keywords: | Focuses:
-----------------------------+------------------------
Comment (by aaroncampbell):
Replying to [comment:2 joostdevalk]:
> I think this change would be a security improvement, but am curious to
> know why this hasn't been already done. Perhaps @aaroncampbell knows?
I tend to agree with [comment:5 Sergey]:
> It's likely that your server already has directory listing disabled
> (`Options -Indexes`) by default.
More specifically, I think this '''should''' be a server configuration. In
production, servers, even shared ones, should (almost) always be set to
`Options -Indexes` (`autoindex off` for nginx), although in dev there are
probably many that prefer to leave it on.
If you are storing sensitive info in a directory with your plugin, you
should definitely be adding an index file to it. That way, even if the
site is migrated to a server that is set up poorly, the files will still
not be browsable.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/42917#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
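
The advice above about adding an index file to a plugin's data directory can be checked on disk. The following is an added example, not part of the original message or of WordPress: it reports every directory in a tree that has no index file and writes a placeholder into each. The index file names, the placeholder content and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumption: these names match the server's DirectoryIndex / index setting.
INDEX_NAMES = ("index.php", "index.html", "index.htm")
PLACEHOLDER = "<?php\n// Intentionally empty: prevents an auto-generated listing.\n"


def dirs_missing_index(root, index_names=INDEX_NAMES):
    """Return sorted relative paths of directories under root with no index file."""
    wanted = set(index_names)
    missing = []
    # followlinks=False: never walk out of the tree through a symlink.
    for current, _subdirs, files in os.walk(root, followlinks=False):
        # Exact-case match: on a case-sensitive filesystem Index.PHP is not an index.
        if wanted.isdisjoint(files):
            missing.append(os.path.relpath(current, root))
    return sorted(missing)


def add_placeholder_index(root, name="index.php"):
    """Write a placeholder index into each directory lacking one; return those dirs."""
    fixed = dirs_missing_index(root)
    for rel in fixed:
        path = os.path.join(root, rel, name)
        # Mode "x" refuses to overwrite, so an existing file is never clobbered.
        with open(path, "x", encoding="utf-8") as fh:
            fh.write(PLACEHOLDER)
    return fixed


def demo():
    """Build a constructed plugin data tree, audit it, fix it, audit again."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "exports", "2018"))
        os.makedirs(os.path.join(root, "cache"))
        open(os.path.join(root, "index.php"), "w").close()
        open(os.path.join(root, "exports", "2018", "orders.csv"), "w").close()
        before = dirs_missing_index(root)
        add_placeholder_index(root)
        return before, dirs_missing_index(root)


if __name__ == "__main__":
    print(demo())
```

A placeholder index only suppresses the listing; files in the directory are still served to anyone who knows their exact URL.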