security issue? files to delete after install? | WordPress.org

ihad
(@ihad)

19 years, 10 months ago

I haven’t seen anything in the readme that comes with wp about deleting “unneccessary” files after you successfully installed wp.
I figured it might be a good idea to delete the following files that can be run by anyone typing in the url. Please correct me if I am wrong:
wp-admin/install.php
wp-admin/install-helper.php
wp-admin/upgrade.php (anyone can launch this, even here on wordpress.org/development/…)
wp-admin/upgrade-functions.php
wp-admin/import*.php
I guess you could alternatively secure the wp-admin folder with a .htaccess file.
Or maybe I am wrong and these files do not pose a security risk by being freely accessible?
cheers
ai

Viewing 3 replies - 1 through 3 (of 3 total)

Mark (podz)
(@podz)

19 years, 10 months ago

There is no security risk at all by leaving everything exactly as it is uploaded.
You can of course remove some files purely to save a small amount of disk space, but there is absolutely nothing anyone can do to your blog, or your database by leaving those files. Honest 🙂

Thread Starter ihad
(@ihad)

19 years, 10 months ago

save a TINY amount of space! well if it doesn’t pose any risk then by all means, they may remain where they are 😀
ai

Sushubh
(@sushubh)

19 years, 10 months ago

running upgrade file repeatedly does not harm the blog. it checks for everything before doing anything.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘security issue? files to delete after install?’ is closed to new replies.

In: Installing WordPress
3 replies
3 participants
Last reply from: Sushubh
Last activity: 19 years, 10 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics