`php_flag display_errors off to the .htaccess and you won't show the paths for anymore errors. Who cares what plugins you have installed?'
1. because not everyone can or wants to do that?
lots of people care.
lots of people are nosy.
lots, in fact most of your userbases's login names are IN FACT revealed in that aforementioned and semi-dismissed directory traversal 'issue'. Some ppl may even have that as their root MySQL login name. Guess what? They pay for hosting -- they cant change it just because you decided an empty index.html was too tough for you to include.
I can rattle off atleast a handful of web based apps that provide a simple damn index.html in those dirs that they ALREADY know need them.
Why does it seem that the very minute anyone brings up what might be a very small thing to do, people get so damn defensive?
Its such a simple thing to do, I dont see why you dont say, "gee ya know, yeah thats a good idea, we forgot that, we overlooked that, we whatever.. good job, thanks for that", and let it go, instead of passing off some damn error blocking code thing for ppl; to put into their .htacccess.
How 'about putting that in your docs:
Some pages of your admin area may be subject to either directory traversal errors (yes I submitted the bug about it) but we decided that YOU should have to add a line to your .htaccess squelching errors because we are too damn arrogant OR lazy OR bullheaded to admit we overl0ooked it"
I certainly hope you never intend on this turning into a commercial endeavor. Cuz your customer care is really starting to suck. I have to tell you too, that you can delete or moderate disparaging posts all day long -- as your userbase grows the complaints are going to grow along with it. You can either address them or not I guess, in the end the fallout will be wordpress' problem.
the last time I checked this was made by humans, right, or did you all pass over into diety stutus?