Should I remove install.php and install-helper.php?

Is keeping wp-admin/install.php and wp-admin/install-helper.php a security leak on the newer versions of WordPress? By default, the file permissions on those files are 644.

If there is any leak, what kind, please?

2 comments

  1. No, there is no security risk. Both files do sanity checks before anything happens.

    If WordPress is already installed:

    • install-helper.php returns just a blank page.
    • install.php says WordPress is installed and you should log in.

    You can forbid access to both files with a simple rule in your .htaccess above the permalink rules:

    RedirectMatch Permanent wp-admin/install(-helper)?\.php /
    

    This will redirect all requests to these files to the home page.
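
To confirm how a site actually answers requests for the two files, before or after adding the rule, the following added example (not part of the original answer) requests both paths without following redirects and labels each response. The function names and verdict labels are assumptions made for this illustration; the base URL is supplied by whoever runs it against their own site.

```python
import http.client
import sys
from urllib.parse import urlsplit

# The two installer scripts discussed in the question.
INSTALLER_PATHS = ("/wp-admin/install.php", "/wp-admin/install-helper.php")


def classify(status, location, body):
    """Turn one HTTP response for an installer script into a verdict."""
    if status in (301, 308) and location:
        # A permanent redirect to "/" is what the RedirectMatch rule should yield.
        target = urlsplit(location).path or "/"
        return "redirected-home" if target == "/" else "redirected-elsewhere"
    if status in (403, 404, 410):
        return "blocked"
    if status == 200:
        # Blank body: the behaviour the answer describes for install-helper.php.
        return "reachable-blank" if not body.strip() else "reachable"
    return "unexpected"


def fetch(base_url, path, timeout=10):
    """GET base_url + path without following redirects (http.client never does)."""
    parts = urlsplit(base_url)
    https = parts.scheme == "https"
    conn_cls = http.client.HTTPSConnection if https else http.client.HTTPConnection
    conn = conn_cls(parts.netloc, timeout=timeout)
    try:
        conn.request("GET", parts.path.rstrip("/") + path)
        resp = conn.getresponse()
        body = resp.read().decode("utf-8", "replace")
        return resp.status, resp.getheader("Location"), body
    finally:
        conn.close()


def audit(base_url, fetcher=fetch):
    """Return {path: verdict} for both installer scripts on one site."""
    return {p: classify(*fetcher(base_url, p)) for p in INSTALLER_PATHS}


if __name__ == "__main__":
    # Usage: python check_installer.py https://your-site.example
    for path, verdict in audit(sys.argv[1]).items():
        print(f"{verdict:22} {path}")
```

With the rule in place both paths should report `redirected-home`; without it, an installed site should show `reachable` for install.php and `reachable-blank` for install-helper.php, matching the behaviour described in the answer.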