[wp-trac] [WordPress Trac] #44663: Disallow direct access to wp-includes php files
WordPress Trac
noreply at wordpress.org
Sun Jul 29 11:13:27 UTC 2018
#44663: Disallow direct access to wp-includes php files
-----------------------------+------------------------
Reporter: lucasbustamante | Owner: (none)
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: General | Version: 4.9.7
Severity: normal | Resolution: duplicate
Keywords: | Focuses:
-----------------------------+------------------------
Changes (by swissspidy):
* status: new => closed
* resolution: => duplicate
* milestone: Awaiting Review =>
Comment:
Hey there
This has come up many times before, for example in #36177 and #30806.
Path disclosure is a server configuration problem. Never enable
`display_errors` on a production site. See
[https://make.wordpress.org/core/handbook/testing/reporting-security-
vulnerabilities/ Security FAQ].
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44663#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list