[wp-trac] [WordPress Trac] #56141: Enhance installer security
WordPress Trac
noreply at wordpress.org
Mon Aug 8 14:59:15 UTC 2022
#56141: Enhance installer security
--------------------------+---------------------
Reporter: smitka | Owner: (none)
Type: enhancement | Status: new
Priority: high | Milestone: 6.1
Component: Security | Version:
Severity: major | Resolution:
Keywords: dev-feedback | Focuses:
--------------------------+---------------------
Comment (by lordgurke):
Hi smitka,
For the install key: I would also read it from an environment variable, if
it's set. With that, a hoster can generate this key automatically and
display it within the customers backend. The installer will be secured by
default, without a need for the customers to upload any additional files.
Also, maybe other projects might want to use such a feature and can then
simply refer to a (standardized?) environment variable.
PSA:
I also created such a request a few months ago
[[https://wordpress.org/support/topic/securing-wordpress-installer-using-
enviroment-variables/|in the forums]], but this has been silently deleted
without any reason. Maybe WordPress could provide a reason for this,
because I have a feeling many other reports on problems ceased to exist
that way.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/56141#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list