WordPress.org

Ready to get started?Download WordPress

Forums

security issue? files to delete after install? (4 posts)

  1. ihad
    Member
    Posted 10 years ago #

    I haven't seen anything in the readme that comes with wp about deleting "unneccessary" files after you successfully installed wp.
    I figured it might be a good idea to delete the following files that can be run by anyone typing in the url. Please correct me if I am wrong:
    wp-admin/install.php
    wp-admin/install-helper.php
    wp-admin/upgrade.php (anyone can launch this, even here on wordpress.org/development/...)
    wp-admin/upgrade-functions.php
    wp-admin/import*.php
    I guess you could alternatively secure the wp-admin folder with a .htaccess file.
    Or maybe I am wrong and these files do not pose a security risk by being freely accessible?
    cheers
    ai

  2. Mark (podz)
    Support Maven
    Posted 10 years ago #

    There is no security risk at all by leaving everything exactly as it is uploaded.
    You can of course remove some files purely to save a small amount of disk space, but there is absolutely nothing anyone can do to your blog, or your database by leaving those files. Honest :)

  3. ihad
    Member
    Posted 10 years ago #

    save a TINY amount of space! well if it doesn't pose any risk then by all means, they may remain where they are :D
    ai

  4. OperaManiac
    Member
    Posted 10 years ago #

    running upgrade file repeatedly does not harm the blog. it checks for everything before doing anything.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.