Support » Fixing WordPress » Shouldn’t upgrade.php be secure?

  • Greets:

    Just updated one of my wp installs to 2.0.6 and I’ve got a question.

    I was able to run wp-admin/upgrade.php without being logged in. Wouldn’t that be a security concern though? Granted it’s just the upgrade script but it’s accessable.


Viewing 2 replies - 1 through 2 (of 2 total)
  • whooami



    install.php is equally accessable. the assumption is made that folks are bright enough to delete those files once theyre done. It might be too much to ask of folks, (phpBB handles those sorts of things differently to avoid newb mistakes), but then I think the devs have largely and in most cases rightly so, expected that WP users have atleast some idea(s) about about general Internet security.

    I don’t recall seeing any suggestion of deleeting that file during an install. Maybe it should be in there then?

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Shouldn’t upgrade.php be secure?’ is closed to new replies.