Make WordPress Core

Opened 10 years ago

Closed 10 years ago

Last modified 4 months ago

#29335 closed enhancement (duplicate)

change wp-admin/wp-content/wp-includes by a variable in the code

Reported by: neustradamus's profile Neustradamus Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Bootstrap/Load Keywords: reporter-feedback
Focuses: Cc:


Dear developers,

There are missing points in the current code, can you update the code and change:

  • wp-admin by WP_ADMIN_DIR
  • wp-content by WP_CONTENT_DIR
  • wp-includes by WPINC

Change History (5)

#1 @georgestephanis
10 years ago

Howdy, and thanks for the bug report!

Could you explain how this is a security issue, in your opinion, let alone a blocker?

Also, could you refer to specific examples in the codebase that you're referring to? WPINC is a folder name, but a hardcoded constant in core, and could be used in filesystem paths and urls. WP_ADMIN_DIR isn't actually a thing, because core doesn't support relocating the wp-admin directory like it supports relocating the wp-content directory -- hence the need for WP_CONTENT_DIR -- which is the full path, not just the folder name like WPINC is.

#2 @helen
10 years ago

  • Component changed from Security to Bootstrap/Load
  • Severity changed from blocker to normal
  • Type changed from defect (bug) to enhancement
  • Version trunk deleted

#3 @ocean90
10 years ago

  • Keywords reporter-feedback added

#4 @Neustradamus
10 years ago

In the same time, by default, you can add a .htaccess in /

# Disable directory browsing
Options All -Indexes

In the code there are (not all):





I will be nice to have a WP_INCLUDES_DIR / WP_INCLUDES_URL for replace wp-includes
It will be nice to have a WP_ADMIN_DIR / WP_ADMIN_URL for replace wp-admin

#5 @SergeyBiryukov
10 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #7194, #14157, #24368.

Note: See TracTickets for help on using tickets.