[wp-hackers] Forum Post

Kimmo Suominen kimmo+key+wordpress.c4f53f at suominen.com
Mon May 23 16:53:22 GMT 2005


On Mon, May 23, 2005 at 11:36:13AM -0500, Michael Hampton wrote:
> On 5/23/05, Stefano <steagl at people.it> wrote:
> > As others answered in the forum thread, I think it's a sysadmin issue
> > more than a WP issue; a solution for a standard installation should
> > be to have a special index.php that redirects to the main index.php,
> > but I don't see it as a serious "security" issue
> 
> Hm, and I was just reading something about how WordPress doesn't take
> security seriously. And this is such a simple fix, too... Options
> -Indexes in .htaccess, for instance. A blank index.html or something
> for those sites where .htaccess won't work.

Provided "Override Options" is allowed in .htaccess -- if not, you get
a server error.  A blank "index.html" or "index.php" is assuming that
one or the other is included in DirectoryIndex ("index.html" is the
default, so I guess that would be a better choice than "index.php").

There are so many ways to misconfigure a web server that I'm not sure
implementing workarounds for the possible mistakes is time well spent.

I think "Options None" should work fine with WordPress, so the install
document could include a section about Apache configuration recommending
that.  I guess "AllowOverride FileInfo" should be mentioned, too.

Regards,
+ Kim
-- 
Kimmo Suominen <http://kimmo.suominen.com/>
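
Added example (not part of the original message or of WordPress): a small checker for the AllowOverride interaction discussed above. It reports whether a given .htaccess would be accepted, would cause a server error, or would be silently ignored under a given AllowOverride setting. The directive-to-class table covers only the directives listed, the sample .htaccess is constructed, and the "Options=" list form of AllowOverride is not modeled.

```python
# Added example; the .htaccess sample is constructed, not from the thread.
# AllowOverride class each directive needs before Apache accepts it in .htaccess.
REQUIRED_CLASS = {
    "options": "Options",
    "directoryindex": "Indexes",
    "errordocument": "FileInfo",
    "rewriteengine": "FileInfo",
    "rewritebase": "FileInfo",
    "rewritecond": "FileInfo",
    "rewriterule": "FileInfo",
}
ALL_CLASSES = {"AuthConfig", "FileInfo", "Indexes", "Limit", "Options"}

def parse_allow_override(value):
    """Turn an AllowOverride argument string into the set of granted classes."""
    words = {w.lower() for w in value.split()}
    if "all" in words:
        return set(ALL_CLASSES)
    return {c for c in ALL_CLASSES if c.lower() in words}  # "None" -> empty set

def check_htaccess(text, allow_override):
    """Return (status, findings); findings are (line_no, directive, needed_class)."""
    granted = parse_allow_override(allow_override)
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Skip blanks, comments and containers such as <IfModule ...>.
        if not line or line.startswith(("#", "<")):
            continue
        directive = line.split()[0]
        needed = REQUIRED_CLASS.get(directive.lower())  # unlisted directives are not judged
        if needed and needed not in granted:
            findings.append((line_no, directive, needed))
    if not granted:
        return "ignored", findings  # .htaccess is never read: no error, no protection
    return ("server_error" if findings else "ok"), findings

SAMPLE_HTACCESS = """\
Options -Indexes
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule . /index.php [L]
</IfModule>
"""

if __name__ == "__main__":
    for policy in ("None", "FileInfo", "FileInfo Options", "All"):
        print(policy, "->", check_htaccess(SAMPLE_HTACCESS, policy))
```

The "ignored" result is the case to watch for: with AllowOverride None the file is not read at all, so "Options -Indexes" produces no error and directory listings stay as the server configuration left them.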


