[wp-hackers] protecting wp-content/plugins ?
ozh at planetozh.com
Thu Aug 16 14:27:18 GMT 2007
Why nasty ? /wp-content has had its blank index.php for ages, but it's
pretty useless and should rather "protect" plugins & themes
As for it being a web server configuration, well, for sure. Except
that 98% of WordPress bloggers have no control and choice over their
shared hosting apache config.
On 8/16/07, James Davis <james at freecharity.org.uk> wrote:
> Ozh wrote:
> > I wonder: how come there is no blank index.html file sitting in
> > wp-content/plugins ? This is such a trivial thing to do that I suspect
> > there must have been some ruling against it by the past (although I
> > cannot really see any reason why one shouldnt have this file)
> It'd be a nasty hack, hiding what is really an issue with the web
> server's configuration. If you think this is an issue you will almost
> certainly want to address it across everything and not just WordPress.
> This risks of allowing directory indexing might be something to mention
> in the documentation if it's not already but that's all I think it needs.
> http://www.freecharity.org.uk/ - Free IT services for charities
> http://www.freecharity.org.uk/wiki/ - The VCSWiki
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
http://FrenchFragFactory.net ~ Daily Quake News
http://planetOzh.com ~ Useless Blog & Code
More information about the wp-hackers