id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc,focuses 50590,.htaccess deny from all auto-blocker if plugin got deactivated + WordPress internal firewall,KestutisIT,,"So, from discussion in forums, it appears, that website may also be hacked via deactivated plugin. So I suggest, that after a plugin has been deactivated, WordPress would automatically create .htaccess file in plugin's folder with ""deny from all"" content. That would prevent from non-updated deactivated plugin vulnerability, as often people believes, that they are safe if they got deactivated suspicions plugin, of they tested something and left that plugin on the server as deactivated for years. Also, there should be WordPress internal firewall, that should show BIG RED WARNING in all WP Admin that WordPress was not able to create .htaccess blocker for some plugin, and that user has to create that file with that content manually. This would boost WordPress security level to next class.",feature request,closed,normal,,Security,5.4.2,normal,duplicate,,,coding-standards