Feature: Option to detect and exclude a php file in wp-content?

  • Resolved brand-dedication

    (@brand-dedication)


    9 years ago

    Hi,

    This may be rare as I have a 100 plugin site and there is only one plugin so far that I see that when hardening the wp-content that the php file needed in a plugin returns a Forbidden.

    The plugin is…
    http://codecanyon.net/item/arforms-premium-form-builder-plugin-for-wordpress/6023165

    It executes a php file to run the Google Captcha.

    I have no clue if that is good or bad, but just know the end result between Sucuri Scanner and this plugin.

    I’ve already mentioned it to the author as well.

    But then I thought other plugins might have php files needed to run and the option to detect and exclude certain files and have the .htaccess updated accordingly would be a good idea.

    Thoughts?

    https://wordpress.org/plugins/sucuri-scanner/

Viewing 2 replies - 1 through 2 (of 2 total)
  • yorman

    (@yorman)

    9 years ago

    This is a bug/feature because is a deliberate behavior considering that is not recommended to call PHP files directly placed in the content directory. I believe someone already suggested the same thing last year (add an option to whitelist PHP files inside the content directory) but I did not have time to implement that option. I will include this into my TODO list for the next version and will work on it when the tasks that I have assigned in internal projects are finished.

    Thread Starter brand-dedication

    (@brand-dedication)

    9 years ago

    Good deal.

    Thanks for the info and solution.

    Appreciate it!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Feature: Option to detect and exclude a php file in wp-content?’ is closed to new replies.