[Security] logs folder does not block access.

  • Resolved Matt Bagley

    (@mydigitalwalk)


    10 years, 9 months ago

    The .htaccess in wp-content/wp_errorfix only blocks the listing of files. It needs to block access to those files or someone can easily guess (and get) them. ie:

    IndexIgnore *
    Deny from All

    Otherwise someone only has to try wp-content/wp_errorfix/2014-05-30 and they have all the errors for that day, as easy as pie. 365 tries, and they have a whole year. That’s too easy.

    https://www.ads-software.com/plugins/wp-error-fix/

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘[Security] logs folder does not block access.’ is closed to new replies.