Make WordPress Core

Opened 18 years ago

Closed 18 years ago

Last modified 18 years ago

#4760 closed defect (bug) (duplicate)

Add default index.php to wp-content/plugins to avoid directory listing

Reported by: zamoose's profile zamoose Owned by:
Milestone: Priority: normal
Severity: normal Version: 2.3
Component: Security Keywords: security directory-listing
Focuses: Cc:

Description

As per a thread started by Ozh on wp-hackers, it would be a good idea to include a default index.php in trunk/wp-content/plugins ala the one included in trunk/wp-content in order to prevent unwanted listing of the plugins directory. Preventing this will preclude attackers from gaining insight into potentially flawed plugins that could compromise the security of a WP-powered blog.

Change History (4)

#1 @zamoose
18 years ago

  • Summary changed from Add default index.php to wp-content/plugsin to avoid directory listing to Add default index.php to wp-content/plugins to avoid directory listing

#2 @pishmishy
18 years ago

  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #4760.

#4 @foolswisdom
18 years ago

  • Milestone 2.3 (trunk) deleted
Note: See TracTickets for help on using tickets.