Only '/public' should be accessible

Open saulens22 opened this issue 7 years ago • 2 comments

Usually, all WordPress theme PHP files check if ABSPATH exists. This theme template doesn't have such functionality. Moreover, I can access '/config', '/resources', '/vendor' and so on. It might pose a security risk in the long run (just my opinion).

I believe only the '/public' folder should be accessible by the web server. In my case, I created a '.htaccess' file in the theme root that denies all access and created another '.htaccess' file in '/resources' that WebPack copies into the '/public' folder with complete access. I think it's worth discussing implementing this in the theme.

saulens22 avatar Dec 18 '18 13:12 saulens22
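
An audit of the layout described in the post above, as an added example that is not part of the issue or of the theme's code: it reports which top-level theme directories other than `public` remain reachable and which reachable PHP files lack an ABSPATH guard. The function names (`audit_theme`, `build_sample`, `denied`) and the sample tree are constructed for illustration, and the `.htaccess` evaluation is a simplified model that assumes Apache honours `.htaccess` files and that the nearest blanket rule wins.

```python
import re
import tempfile
from pathlib import Path

# WordPress direct-access guard, e.g. defined('ABSPATH') || exit;
GUARD = re.compile(r"defined\s*\(\s*['\"]ABSPATH['\"]\s*\)")
# Blanket access rules: Apache 2.4 "Require all ..." and 2.2 "Deny/Allow from all".
ACCESS = re.compile(
    r"^\s*(?:Require\s+all\s+(denied|granted)|(Deny|Allow)\s+from\s+all)\s*$",
    re.I | re.M)

def denied(theme_root: Path, directory: Path) -> bool:
    """Simplified model: the nearest .htaccess with a blanket rule decides."""
    d = directory
    while True:
        ht = d / ".htaccess"
        m = ACCESS.search(ht.read_text(errors="replace")) if ht.is_file() else None
        if m:
            return (m.group(1) or m.group(2)).lower() in ("denied", "deny")
        if d == theme_root or d.parent == d:
            return False  # no rule found: the web server serves the directory
        d = d.parent

def audit_theme(theme_root: Path) -> dict:
    """List top-level dirs other than public/ left reachable, and reachable PHP with no guard."""
    exposed = sorted(p.name for p in theme_root.iterdir()
                     if p.is_dir() and p.name != "public" and not denied(theme_root, p))
    unguarded = sorted(p.relative_to(theme_root).as_posix()
                       for p in theme_root.rglob("*.php")
                       if not denied(theme_root, p.parent)
                       and not GUARD.search(p.read_text(errors="replace")))
    return {"exposed_dirs": exposed, "unguarded_php": unguarded}

def build_sample(root: Path, hardened: bool) -> Path:
    """Constructed theme tree; directory names come from the issue, contents are made up."""
    files = {"config/app.php": "<?php return ['debug' => true];",
             "vendor/autoload.php": "<?php require __DIR__ . '/lib.php';",
             "resources/functions.php": "<?php defined('ABSPATH') || exit;",
             "public/app.js": "console.log('ok');"}
    if hardened:  # the two-file layout described in the issue
        files[".htaccess"] = "Require all denied\n"
        files["public/.htaccess"] = "Require all granted\n"
    for rel, body in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(body)
    return root

if __name__ == "__main__":
    for hardened in (False, True):
        with tempfile.TemporaryDirectory() as tmp:
            print(hardened, audit_theme(build_sample(Path(tmp), hardened)))
```

Pointing `audit_theme` at a real theme checkout gives a quick pre-deploy check; it does not replace requesting the paths through the actual web server, since server-level configuration can override `.htaccess`.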

+1

multiplehats avatar Dec 19 '18 15:12 multiplehats

Maybe this can be added via a pull request, @saulens22.

niklasp avatar Feb 01 '21 18:02 niklasp