I think this should be rectified in the next update or so.
Try looking at yourdomain.com/wp-includes and you can see all the contents inside it.
This was discovered by my friend.
[resolved] index.php Inexistent In wp-includes Folder (5 posts)
-
Ariff
Posted 10 months ago # -
Perhaps your friend could learn how to turn directory indexing off on his web server?
-
Posted 10 months ago #Even if directory indexing is turned off, you can still access files like this http://yourdomain.com/wp-includes/admin-bar.php thus revealing the username for ftp account.
Don't know how severe this issue is as I'm not an expert. Just pointing this out. If anybody feel that something should be done, then by all means do something.
If not, then thanks for reading.
Cheers!
-
Even if an index.php file is there, you can still access files directly. Nothing WP can do about that except what they have (with wp_die() calls to anyone who access the file directly).
By the way, http://yourdomain.com/wp-includes/admin-bar.php gives me an error 500 on all my sites. All the direct links for things in wp-includes are blank pages (php errors, as expected) or error 500.
Your friend is overreacting :) It's not severe.
-
Posted 10 months ago #Thanks for your input.
Reply
You must log in to post.
