Currently, by default, we can download the DB file (siteurl/wp-content/object-cache.sqlite) which can lead to security issues. For example, from the downloaded DB file we can extract user info:
select * from object_cache where name like '%user%';
My suggestions:
Rename it with the prefix ".ht" which by default most web server configurations prevent access to the file. For example ".ht.object-cache.sqlite"
Have the option to change the DB file name and location.
Hi there,
Thanks for your great work.
Currently, by default, we can download the DB file (siteurl/wp-content/object-cache.sqlite) which can lead to security issues. For example, from the downloaded DB file we can extract user info:
My suggestions:
Thanks.