This repository has been archived by the owner on Nov 14, 2024. It is now read-only.

Only '/public' should be accessible #85

Open
saulens22 opened this issue Dec 18, 2018 · 2 comments

@saulens22

Usually, all WordPress theme PHP files check if ABSPATH exists. This theme template doesn't have such functionality. Moreover, I can access '/config', '/resources', '/vendor' and so on. It might pose a security risk in the long run (just my opinion).

I believe only the '/public' folder should be accessible by the web server. In my case, I created a '.htaccess' file in the theme root that denies all access and created another '.htaccess' file in '/resources' that webpack copies into the '/public' folder with complete access. I think it's worth discussing implementing this in the theme.
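An added example, not part of the original issue or the theme's own code: a Python audit of the two points raised above, reporting PHP files without an ABSPATH check and whether the theme root denies access while '/public' allows it. The directive spellings (`Require all denied`/`granted`, and the Apache 2.2 `Deny`/`Allow from all`), the guard pattern and the sample file names are assumptions.

```python
import re
import tempfile
from pathlib import Path

# Assumed directive spellings: Apache 2.4 "Require all ..." and 2.2 "Deny/Allow from all".
DENY = re.compile(r"^\s*(Require\s+all\s+denied|Deny\s+from\s+all)\s*$", re.I | re.M)
ALLOW = re.compile(r"^\s*(Require\s+all\s+granted|Allow\s+from\s+all)\s*$", re.I | re.M)
# Assumed guard form, e.g. defined('ABSPATH') || exit;
GUARD = re.compile(r"defined\s*\(\s*['\"]ABSPATH['\"]\s*\)")

def _matches(path, pattern):
    return path.is_file() and bool(pattern.search(path.read_text(errors="replace")))

def audit_theme(root, public="public"):
    """Return a list of findings for a theme directory laid out as in the issue."""
    root = Path(root)
    findings = []
    if not _matches(root / ".htaccess", DENY):
        findings.append("theme root has no deny-all .htaccess")
    if not _matches(root / public / ".htaccess", ALLOW):
        findings.append(f"/{public} has no allow-all .htaccess")
    for php in sorted(root.rglob("*.php")):
        # Heuristic: a useful guard sits near the top, so only the first 2048 chars count.
        head = php.read_text(errors="replace")[:2048]
        if not GUARD.search(head):
            findings.append(f"no ABSPATH check: {php.relative_to(root).as_posix()}")
    return findings

def build_sample(root, hardened):
    """Constructed sample tree; file names are illustrative, not the theme's real files."""
    root = Path(root)
    guard = "defined('ABSPATH') || exit;\n" if hardened else ""
    for rel in ("config/app.php", "resources/templates/index.php"):
        f = root / rel
        f.parent.mkdir(parents=True, exist_ok=True)
        f.write_text("<?php\n" + guard + "return [];\n")
    (root / "public").mkdir(exist_ok=True)
    (root / "public" / "app.js").write_text("console.log('asset');\n")
    if hardened:
        (root / ".htaccess").write_text("Require all denied\n")
        (root / "public" / ".htaccess").write_text("Require all granted\n")

if __name__ == "__main__":
    for hardened in (False, True):
        with tempfile.TemporaryDirectory() as tmp:
            build_sample(tmp, hardened)
            print("hardened" if hardened else "as reported", audit_theme(tmp))
```

The check only reads files on disk; whether the server honours '.htaccess' at all depends on its `AllowOverride` setting, which this script cannot see.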

@multiplehats

+1

@jedrzejchalubek jedrzejchalubek added this to the 4.0.0 milestone Mar 4, 2019
@niklasp

niklasp commented Feb 1, 2021

Maybe this can be added via a pull request, @saulens22.

4 participants