WordPress.org

Make WordPress Core

Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#41790 closed feature request (duplicate)

wp-includes folder is not secure

Reported by: ravi500patel Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.9
Component: Security Keywords:
Focuses: Cc:
PR Number:

Description

When i run this url http://www.mysite.com/wp-includes its showing list of files and directories.
I think this must not be visible to any user

Change History (3)

#1 @msebel
2 years ago

Sure, but that's not something a CMS handles.
This should rather be configured on the webserver level - and is almost everywhere the default to not show any directory listings. Please refer to your host or your control panel to deactivate directly listings.

#2 @SergeyBiryukov
2 years ago

  • Component changed from General to Security
  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Hi @ravi500patel, welcome to WordPress Trac!

Thanks for the report, we're already tracking this issue in #18546 and #36177.

#3 @msebel
2 years ago

But of course an index.php as mentioned in #18546 and #36177 would clearly "fix" the issue as well

Note: See TracTickets for help on using tickets.