Make WordPress Core

Opened 3 months ago

Last modified 3 weeks ago

#62055 assigned enhancement

Put index.php into Public folder on the root directory

Reported by: sourav926's profile sourav926 Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Security Keywords: reporter-feedback
Focuses: Cc:

Description

Now we are writing ABSPATH constant existence check everywhere to protect files from direct access.
But we can make a public (or any name) folder in the root and put the index.php (/public/index.php) file in the folder. That way only index.php file can be directly accessed. And we'll be able to remove ABSPATH constant existence check from files.

What about backward compatibility?
Well, at the beginning we can keep both /index.php and /public/index.php files for one or more year(s) and keep telling users, and hosting providers to point their servers to the public folder. Then we can remove the index.php and also constant checks from files.

Change History (1)

#1 @johnbillion
3 weeks ago

  • Keywords reporter-feedback added

The constant checks within files are there to prevent direct access over HTTP to files that perform side effects. There's no relation to directory listings or index.php.

@sourav926 What problem are you seeing that needs addressing?

Note: See TracTickets for help on using tickets.