Support » Installation » [Resolved] WordPress internal path vulnerability

[Resolved] WordPress internal path vulnerability

  • This is odd. A scan shows some kind of error, giving away internal path information. This never showed up before and the most recent upgrade was just the Twenty Ten Theme to 1.1

    The internal path anomaly is . . (I used * just to not give out information here.)

    So how do I turn off errors with no php.ini?
    display_errors = Off

    Using WordPress 3.0

Viewing 6 replies - 1 through 6 (of 6 total)
  • A … scan? What kind of scan? Is this on the front end of your site?

    A … scan?

    An external vendor scan. Basically the main question is how to set display_errors = Off at this point.

    Could be a host issue I don’t know.

    internal paths

    PHP is very good in leaking the internal paths of your system in case of errors. You can find out exactly where the blog is hosted (/var/www, /home/user, etc) and you can 99% of the time guess the user name used for administration.

    Probably not a WordPress thing but a PHP one, yeah.

    Hmmm. If you can’t get at php.ini I think you can put error_reporting(0); somewhere in your code, but I don’t know where to cover all of WordPress.

    I’d ask my host to turn it off in the php.ini if you’re that worried.

    I’d ask my host to turn it off in the php.ini

    They just upgraded php could be it. My other option might be an htaccess tweak of some kind.

    It was being caused by the WordPress Default Theme.

    Let me clarify it was the original default theme not Twenty Ten that somehow produced this anomaly. My fix was simply to delete the old default theme. Which I do not use anyway.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘[Resolved] WordPress internal path vulnerability’ is closed to new replies.
Skip to toolbar