Shouldn’t upgrade.php be secure? | WordPress.org

drmike
(@drmike)

17 years, 3 months ago

Greets:

Just updated one of my wp installs to 2.0.6 and I’ve got a question.

I was able to run wp-admin/upgrade.php without being logged in. Wouldn’t that be a security concern though? Granted it’s just the upgrade script but it’s accessable.

Thanks,
-drmike

Viewing 2 replies - 1 through 2 (of 2 total)

whooami
(@whooami)

17 years, 3 months ago

install.php is equally accessable. the assumption is made that folks are bright enough to delete those files once theyre done. It might be too much to ask of folks, (phpBB handles those sorts of things differently to avoid newb mistakes), but then I think the devs have largely and in most cases rightly so, expected that WP users have atleast some idea(s) about about general Internet security.

Thread Starter drmike
(@drmike)

17 years ago

I don’t recall seeing any suggestion of deleeting that file during an install. Maybe it should be in there then?

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Shouldn’t upgrade.php be secure?’ is closed to new replies.

Tags

upgrade

In: Fixing WordPress
2 replies
2 participants
Last reply from: drmike
Last activity: 17 years ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics