Add httpd configuration for basic security (!3) · Merge requests · wordpress / wordpress-image

Alexandre Lossent requested to merge alossent/wordpress-image:wordpress-basic-security into master Apr 19, 2023

Following security team report:

From the CERN WhiteHat challenge, it was found that the URL https://some_wordpress_site.web.cern.ch/.wp-config.php.swp discloses secret key and database information. Also, the URL https://some_wordpress_site.web.cern.ch/wp-includes/ has directory listings enabled, making it possible to explore web server contents.

Admin message

Add httpd configuration for basic security

Merge request reports