admin管理员组

文章数量:1293371

This is more of a personal question for my own curiosity.

One of my websites appears to be vulnerable because the directory listing (/wp-includes) is enabled. It’s not difficult to fix, however I’m wondering how serious actually is this if none of the files can actually be accessed?

If I click on basically any file, including user-meta and functions.php it either returns a HTTP 500 or simply shows me a blank screen. So how would a hacker actually benefit from accessing the directory if none of the files can be accessed?

This is more of a personal question for my own curiosity.

One of my websites appears to be vulnerable because the directory listing (/wp-includes) is enabled. It’s not difficult to fix, however I’m wondering how serious actually is this if none of the files can actually be accessed?

If I click on basically any file, including user-meta and functions.php it either returns a HTTP 500 or simply shows me a blank screen. So how would a hacker actually benefit from accessing the directory if none of the files can be accessed?

  • security
Share Improve this question edited May 5, 2021 at 11:54 fuxia 107k38 gold badges255 silver badges459 bronze badges asked May 5, 2021 at 11:45 addirectaddirect 111 bronze badge
Add a comment  | 

1 Answer 1

Reset to default 0

Not especially, though I would disable it for your entire site if you have the option as a matter of general best practice.

In a well maintained WordPress install, the contents of that directory aren't a secret, even if the directory listing is hidden.

This is because you should never modify that folder, so it will always match the wp-includes folder in the WordPress download zip.

Anybody could look at WordPress on Github and see the listing, or download the zip, and expect to find the same files in the same locations on your site.

Of course if someone did change their wp-includes folder, then directory listings are the last thing you should be worrying about, as that in of itself is a serious security and maintenance concern.

本文标签: securityShould I disable directory listing for wpincludes

版权声明:本文标题:security - Should I disable directory listing for wp-includes? 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1741575577a2386263.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。