[wp-hackers] protecting wp-content/plugins ?

Ozh ozh at planetozh.com
Thu Aug 16 14:27:18 GMT 2007


Why nasty ? /wp-content has had its blank index.php for ages, but it's
pretty useless and should rather "protect" plugins & themes

As for it being a web server configuration, well, for sure. Except
that 98% of WordPress bloggers have no control and choice over their
shared hosting apache config.

Cheers,

Ozh

On 8/16/07, James Davis <james at freecharity.org.uk> wrote:
> Ozh wrote:
>
> > I wonder: how come there is no blank index.html file sitting in
> > wp-content/plugins ? This is such a trivial thing to do that I suspect
> > there must have been some ruling against it by the past (although I
> > cannot really see any reason why one shouldnt have this file)
>
> It'd be a nasty hack, hiding what is really an issue with the web
> server's configuration.  If you think this is an issue you will almost
> certainly want to address it across everything and not just WordPress.
>
> This risks of allowing directory indexing might be something to mention
> in the documentation if it's not already but that's all I think it needs.
>
> James
>
> --
> http://www.freecharity.org.uk/ - Free IT services for charities
> http://www.freecharity.org.uk/wiki/ - The VCSWiki
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>


-- 
http://FrenchFragFactory.net ~ Daily Quake News
   http://planetOzh.com ~ Useless Blog & Code


More information about the wp-hackers mailing list