Support » Installing WordPress » security issue? files to delete after install?

  • I haven’t seen anything in the readme that comes with wp about deleting “unneccessary” files after you successfully installed wp.
    I figured it might be a good idea to delete the following files that can be run by anyone typing in the url. Please correct me if I am wrong:
    wp-admin/install.php
    wp-admin/install-helper.php
    wp-admin/upgrade.php (anyone can launch this, even here on wordpress.org/development/…)
    wp-admin/upgrade-functions.php
    wp-admin/import*.php
    I guess you could alternatively secure the wp-admin folder with a .htaccess file.
    Or maybe I am wrong and these files do not pose a security risk by being freely accessible?
    cheers
    ai

Viewing 3 replies - 1 through 3 (of 3 total)
  • Mark (podz)

    (@podz)

    Support Maven

    There is no security risk at all by leaving everything exactly as it is uploaded.
    You can of course remove some files purely to save a small amount of disk space, but there is absolutely nothing anyone can do to your blog, or your database by leaving those files. Honest 🙂

    save a TINY amount of space! well if it doesn’t pose any risk then by all means, they may remain where they are 😀
    ai

    running upgrade file repeatedly does not harm the blog. it checks for everything before doing anything.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘security issue? files to delete after install?’ is closed to new replies.