[wp-trac] [WordPress Trac] #36177: default htaccess should include security measures
WordPress Trac
noreply at wordpress.org
Tue Dec 24 22:46:44 UTC 2024
#36177: default htaccess should include security measures
-------------------------+------------------------------
Reporter: lelutin | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version:
Severity: normal | Resolution:
Keywords: | Focuses:
-------------------------+------------------------------
Comment (by antonvlasenko):
When comparing the two possible solutions—adding `defined('ABSPATH')`
checks versus blocking access to these files — I prefer the `.htaccess`
solution.
It's centralized and managed in a single location, which simplifies
maintenance and reduces potential errors.
In modern PHP frameworks, there is typically only one entry point to the
application, with all requests routed through it. WordPress, however,
follows a different structure due to historical reasons.
Whatever solution is chosen, it must be implemented with great care to
ensure backward compatibility.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/36177#comment:23>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list