Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Only '/public' should be accessible #85

Open
saulens22 opened this issue Dec 18, 2018 · 2 comments
Open

Only '/public' should be accessible #85

saulens22 opened this issue Dec 18, 2018 · 2 comments
Labels
enhancement
Milestone
4.0.0

Comments

@saulens22
Copy link

Usually, all of Wordpress theme PHP files check if ABSPATH exists. This theme template doesn't have such functionality. Moreover, I can access '/config' , '/resources', '/vendor' and so on. It might pose a security risk in the long run (just my opinion).

I believe only '/public' folder should be accessible by web server. In my case, I created '.htaccess' file in theme root that denies all access and created another '.htaccess' file in '/resources' that WebPack copies into '/public' folder with complete access. I think it's worth discussing implementing this in theme.
@multiplehats
Copy link

+1

@jedrzejchalubek jedrzejchalubek added this to the 4.0.0 milestone Mar 4, 2019
@niklasp
Copy link

niklasp commented Feb 1, 2021

maybe this can be added via a pull request @saulens22

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
4.0.0
Development

No branches or pull requests
4 participants
@niklasp @jedrzejchalubek @saulens22 @multiplehats