Is keeping wp-admin/install.php
and wp-admin/install-helper.php
a security leak on the newer versions of wordpress? By default file permission on those files are 644.
If there is any leak, what kind of please?
Is keeping wp-admin/install.php
and wp-admin/install-helper.php
a security leak on the newer versions of wordpress? By default file permission on those files are 644.
If there is any leak, what kind of please?
You must be logged in to post a comment.
No, there is no security risk. Both files do sanity checks before anything happens.
If WordPress is already installed:
install-helper.php
returns just a blank page.install.php
says WordPress is installed and you should log in:You can forbid access to both files with a simple rule in your .htaccess above the permalink rules:
This will redirect all requests to these files to the home page.