[wp-trac] [WordPress Trac] #36177: default htaccess should include security measures
WordPress Trac
noreply at wordpress.org
Fri Dec 20 22:01:27 UTC 2024
#36177: default htaccess should include security measures
-------------------------+------------------------------
Reporter: lelutin | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version:
Severity: normal | Resolution:
Keywords: | Focuses:
-------------------------+------------------------------
Comment (by azaozz):
This ticket is about enhancing/updating the default .htaccess file in WP.
However it seems the path disclosure/PHP fatal error by direct access to a
file/missing ABSPATH tickets redirect here. Indeed most of these can be
solved by updating the .htaccess rules however it is not the only way to
fix these errors. Also seems changing .htaccess may not be 100% backwards
compatible, and may introduce regressions in plugins.
Perhaps all tickets about missing bootstrap/missing ABSPATH should be
separated and fixed now while updates for .htaccess are still being
discussed (it's been 9 years already). Don't think there is a good reason
for WP to keep filling the server's error logs when sites are being
scanned by bots or probed for exploits, etc.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/36177#comment:21>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list