Shouldn't upgrade.php be secure? (3 posts)

  1. drmike
    Posted 9 years ago #


    Just updated one of my wp installs to 2.0.6 and I've got a question.

    I was able to run wp-admin/upgrade.php without being logged in. Wouldn't that be a security concern though? Granted it's just the upgrade script but it's accessable.


  2. whooami
    Posted 9 years ago #

    install.php is equally accessable. the assumption is made that folks are bright enough to delete those files once theyre done. It might be too much to ask of folks, (phpBB handles those sorts of things differently to avoid newb mistakes), but then I think the devs have largely and in most cases rightly so, expected that WP users have atleast some idea(s) about about general Internet security.

  3. drmike
    Posted 9 years ago #

    I don't recall seeing any suggestion of deleeting that file during an install. Maybe it should be in there then?

Topic Closed

This topic has been closed to new replies.

About this Topic