Is This a Security Concern?

  • Resolved imtino

    (@imtino)


    5 years, 2 months ago

    Without logging in, we can access wp-content/plugins/bulletproof-security/admin/mod-test/. Should we worry about this?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author AITpro

    (@aitpro)

    The BPS /mod-test/ folder contains image files, the Mod Test testing page and an htaccess file that is used to test if ModSecurity is installed and loaded on your website/host server. This is used by BPS internally to determine what htaccess code needs to be created for a particular website/server. These checks are also used to display whether ModSecurity is installed and loaded on the BPS System Info page. So this is nothing to worry about. Typically hackers and spammers use automated bots to send a barrage of attacks at a website/server to see if there are any security vulnerabilities. The automated bots would not bother looking in the /mod-test/ folder and even if they did the data would not produce any useful recon info for the bots.

    Plugin Author AITpro

    (@aitpro)

    Assuming all questions have been answered – the thread has been resolved. If the issue/problem is not resolved or you have additional questions about this specific thread topic then you can post them at any time. We still receive email notifications when threads have been resolved.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Is This a Security Concern?’ is closed to new replies.