For security reasons I need to block access to the scripts in a fresh WordPress install that are never meant to be executed directly.
Example:
index.php --> needs to be executable; includes/cache.php --> should not be executable (it is included by other files). Does anyone know which files are only included and which actually need to be executable?
I want to build a whitelist of the files that may legitimately be executed, enforced via .htaccess, like this:
Update:
This is the .htaccess file I have. My actual question is: is this configuration complete, or do I need to allow more files for a fresh WordPress install to work properly?
<IfModule mod_rewrite.c>
# ONLY ALLOW THESE SCRIPTS TO EXECUTE:
# == Login, Signup, Activate
RewriteRule ^wp-login.php - [L]
RewriteRule ^wp-activate.php - [L]
RewriteRule ^wp-signup.php - [L]
# == All admin scripts and WYSIWYG editor
RewriteRule ^wp-admin/ - [L]
RewriteRule ^wp-includes/js/tinymce/wp-tinymce.php - [L]
# == WP Cron and mail
RewriteRule ^wp-cron.php - [L]
RewriteRule ^wp-mail.php - [L]
# == WP Comments form
RewriteRule ^wp-comments-post.php - [L]
# (...) <-- I need to know which other files need to be allowed
# BLOCK ALL OTHER SCRIPTS
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule \.(php.?|pl|cgi)$ - [F,L]
</IfModule>
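Before putting a rule set like this in front of a live site it is worth replaying it against a list of request paths. The following Python check is an added example, not code from the question or from WordPress: it applies the posted allow rules in order and then the catch-all block rule, exactly as the .htaccess text reads. It assumes paths are directory-relative, as mod_rewrite sees them in a per-directory .htaccess, models the `-f` condition with a hand-built set of existing files (the core file names are real, the plugin and upload paths are constructed), and ignores everything else Apache does with the request (WordPress's own permalink rules, DirectoryIndex), so it is a unit test of the rule text, not of the server.

```python
import re

# Allow rules copied from the .htaccess in the question, in order. A request
# whose directory-relative path matches one of them is passed through ([L]).
# The "." in these patterns is reproduced unescaped, exactly as posted.
ALLOW_PATTERNS = [
    r"^wp-login.php",
    r"^wp-activate.php",
    r"^wp-signup.php",
    r"^wp-admin/",
    r"^wp-includes/js/tinymce/wp-tinymce.php",
    r"^wp-cron.php",
    r"^wp-mail.php",
    r"^wp-comments-post.php",
]

# The catch-all: RewriteCond %{REQUEST_FILENAME} -f, then
# RewriteRule \.(php.?|pl|cgi)$ - [F,L]
BLOCK_PATTERN = r"\.(php.?|pl|cgi)$"

# Constructed stand-in for the -f test: files present on the sample host.
# Core file names are real; the plugin and upload paths are made up.
EXISTING_FILES = {
    "index.php", "wp-login.php", "wp-cron.php", "wp-comments-post.php",
    "xmlrpc.php", "wp-trackback.php", "wp-load.php", "wp-settings.php",
    "wp-includes/cache.php",
    "wp-admin/admin-ajax.php", "wp-admin/load-scripts.php",
    "wp-admin/includes/plugin.php",
    "wp-content/plugins/example/ajax.php",      # constructed
    "wp-content/uploads/2013/01/shell.php",     # constructed: planted webshell
    "wp-content/uploads/2013/01/photo.jpg",     # constructed
}


def decide(path, existing=EXISTING_FILES):
    """Replay the rule set for one directory-relative request path.

    Returns "allow" (an explicit allow rule matched and stopped processing),
    "forbid" (the file exists and the block rule matched -> 403), or
    "pass" (no rule matched: static file, or a path that does not exist).
    """
    for pattern in ALLOW_PATTERNS:
        if re.search(pattern, path):
            return "allow"
    if path in existing and re.search(BLOCK_PATTERN, path):
        return "forbid"
    return "pass"


def audit(paths, existing=EXISTING_FILES):
    """Map each path to its decision, for eyeballing the whole set at once."""
    return {p: decide(p, existing) for p in paths}


def forbidden_core_scripts(existing=EXISTING_FILES):
    """Core (non wp-content) scripts that the rule set would refuse to run.

    Anything listed here is either intentionally disabled (xmlrpc.php may
    well be) or a gap in the allowlist (index.php is).
    """
    return sorted(p for p in existing
                  if not p.startswith("wp-content/")
                  and decide(p, existing) == "forbid")


if __name__ == "__main__":
    for path, verdict in sorted(audit(EXISTING_FILES).items()):
        print(f"{verdict:7} {path}")
    print("core scripts blocked:", forbidden_core_scripts())
```

Two things the replay makes visible. First, index.php, which the question itself says must stay executable, is not in the allowlist and therefore falls through to the block rule; whether a live server then answers 403 depends on where this snippet sits relative to WordPress's own rewrite block, so test it on a staging host rather than trusting either the snippet or this replay. Second, `^wp-admin/` allows every script under wp-admin/, including include-only files such as wp-admin/includes/plugin.php, so the allowlist is coarser than the stated goal. On the positive side, a planted script under wp-content/uploads/ and a plugin's direct-access script both get the 403, which is the property the asker is after.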
Best answer, by SO user Rarst:
Because of how the WP admin is architected, reliably compiling and maintaining such a list will be very inconvenient.
My best educated guess is that many of these files (but probably not all, and not only these) need the admin bootstrap (wp-admin/admin.php) to function.
A quick search for the corresponding directive gives the following:
C:\server\www\dev\wordpress\src>ack --files-with-matches --literal "require_once( dirname( __FILE__ ) . '/admin.php' );"
wp-admin/about.php
wp-admin/admin-header.php
wp-admin/comment.php
wp-admin/credits.php
wp-admin/customize.php
wp-admin/edit-comments.php
wp-admin/edit-tags.php
wp-admin/edit.php
wp-admin/export.php
wp-admin/freedoms.php
wp-admin/import.php
wp-admin/index.php
wp-admin/link-add.php
wp-admin/link-manager.php
wp-admin/link.php
wp-admin/media-new.php
wp-admin/media-upload.php
wp-admin/media.php
wp-admin/ms-admin.php
wp-admin/ms-delete-site.php
wp-admin/ms-edit.php
wp-admin/ms-options.php
wp-admin/ms-sites.php
wp-admin/ms-themes.php
wp-admin/ms-upgrade-network.php
wp-admin/ms-users.php
wp-admin/my-sites.php
wp-admin/nav-menus.php
wp-admin/network/about.php
wp-admin/network/credits.php
wp-admin/network/edit.php
wp-admin/network/freedoms.php
wp-admin/network/index.php
wp-admin/network/plugin-editor.php
wp-admin/network/plugin-install.php
wp-admin/network/plugins.php
wp-admin/network/profile.php
wp-admin/network/settings.php
wp-admin/network/setup.php
wp-admin/network/site-info.php
wp-admin/network/site-new.php
wp-admin/network/site-settings.php
wp-admin/network/site-themes.php
wp-admin/network/site-users.php
wp-admin/network/sites.php
wp-admin/network/theme-editor.php
wp-admin/network/theme-install.php
wp-admin/network/themes.php
wp-admin/network/update-core.php
wp-admin/network/update.php
wp-admin/network/upgrade.php
wp-admin/network/user-edit.php
wp-admin/network/user-new.php
wp-admin/network/users.php
wp-admin/network.php
wp-admin/options-discussion.php
wp-admin/options-general.php
wp-admin/options-media.php
wp-admin/options-permalink.php
wp-admin/options-reading.php
wp-admin/options-writing.php
wp-admin/options.php
wp-admin/plugin-editor.php
wp-admin/plugin-install.php
wp-admin/plugins.php
wp-admin/post-new.php
wp-admin/post.php
wp-admin/press-this.php
wp-admin/revision.php
wp-admin/term.php
wp-admin/theme-editor.php
wp-admin/theme-install.php
wp-admin/themes.php
wp-admin/tools.php
wp-admin/update-core.php
wp-admin/update.php
wp-admin/upload.php
wp-admin/user/about.php
wp-admin/user/credits.php
wp-admin/user/freedoms.php
wp-admin/user/index.php
wp-admin/user/profile.php
wp-admin/user/user-edit.php
wp-admin/user-edit.php
wp-admin/user-new.php
wp-admin/users.php
wp-admin/widgets.php
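The ack search above finds one literal, the admin bootstrap. The scanner below is an added example, not part of the answer or of WordPress, that generalises the same idea: it walks a tree and flags every .php file whose source requires any of the bootstrap loaders (admin.php, wp-load.php or wp-blog-header.php), which also catches the root-level entry points and plugin scripts that load wp-load.php directly, and it renders the hits as allow rules in the style of the question's snippet. The sample tree is constructed in a temp dir with file bodies cut down to the one line that matters; the require() forms are modelled on the ones core uses, and the plugin file is invented. The regular expression is a heuristic: loaders chain (wp-blog-header.php itself requires wp-load.php), so the result is a starting list to review, not a finished allowlist.

```python
import os
import re
import tempfile

# A file that requires one of WordPress's bootstrap loaders is, by this
# heuristic, a script meant to be requested directly. The literal must be
# "/name.php", "name.php" or "../name.php" so that e.g. the string
# 'wp-admin/includes/admin.php' does not count.
BOOTSTRAP_RE = re.compile(
    r"""\brequire(?:_once)?\b[^;\n]*?['"](?:\.\./)*/?(admin|wp-load|wp-blog-header)\.php['"]"""
)


def find_entry_points(root):
    """Return sorted (relative path, bootstrap file) pairs for every .php
    file under root whose source requires a bootstrap loader."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(".php"):
                continue
            full = os.path.join(dirpath, name)
            with open(full, encoding="utf-8", errors="replace") as fh:
                match = BOOTSTRAP_RE.search(fh.read())
            if match:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                hits.append((rel, match.group(1) + ".php"))
    return sorted(hits)


def to_htaccess(entries):
    """Render the hits as allow rules like the question's snippet.

    Apache only accepts comments on their own line, so the provenance of
    each rule goes on a separate '#' line rather than inline.
    """
    lines = ["# Generated allowlist (heuristic; review before deploying)"]
    for rel, via in entries:
        lines.append("# %s bootstraps via %s" % (rel, via))
        lines.append("RewriteRule ^%s - [L]" % rel.replace(".", r"\."))
    return "\n".join(lines)


# Constructed miniature of a WordPress tree (not real core sources).
SAMPLE_TREE = {
    "index.php":
        "<?php\nrequire( dirname( __FILE__ ) . '/wp-blog-header.php' );\n",
    "wp-admin/edit.php":
        "<?php\nrequire_once( dirname( __FILE__ ) . '/admin.php' );\n",
    "wp-admin/admin-ajax.php":
        "<?php\nrequire_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' );\n",
    "wp-admin/includes/plugin.php":
        "<?php\nfunction get_plugins() { return array(); }\n",
    "wp-includes/cache.php":
        "<?php\nfunction wp_cache_add( $key, $data ) { return true; }\n",
    "wp-content/plugins/example/direct.php":   # invented third-party script
        "<?php\nrequire_once( '../../../wp-load.php' );\necho 'hello';\n",
}


def write_tree(root, tree=SAMPLE_TREE):
    """Materialise the constructed tree under root."""
    for rel, body in tree.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)


def demo():
    """Build the sample tree in a temp dir, scan it, return the hits."""
    with tempfile.TemporaryDirectory() as root:
        write_tree(root)
        return find_entry_points(root)


if __name__ == "__main__":
    print(to_htaccess(demo()))
```

Run it against a real checkout with `find_entry_points("/path/to/wordpress")` and diff the output against the allowlist you intend to ship; the include-only files (wp-includes/cache.php, wp-admin/includes/plugin.php in the sample) stay out of the list, while any plugin that ships its own direct-access script shows up and has to be allowed or removed.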