disable zip extension in themes directroy

[ahmedash95]

a lot of developers upload theme zip file to wp-content/themes/theme_name.zip then they extact the file and forget to remove it later . and thats make it easy to anyone to download this seem later if he view source and get theme directory wp-content/themes/ahmed_theme/style.css if he tries to download the file wp-content/themes/ahmed_theme.zip the file will start to download . so i think wordpress default htaccess must come with this rewrite rule to protected users .

RewriteRule ^wp-content/themes/.*\.(zip|rar)$ - [F,L,NC]

[dd32]

At this time, we don't add rewrite rules to block access to files - if a user doesn't want files downloadable, they shouldn't be placed within a publicly readable location, or should have a unqiue non-guessable filename.

Some security plugins are known to add extra rewrite rules to potentially block invalid requests, I don't think I've seen any of those add a similar rule to this either.

[ahmedash95]

i'm agree with you .. but a lot of users make this mistake by wrong and they completely forgot to protected their important files, i think wordpress must have some protected ways to secure user's files.