Closed PDowney closed 4 years ago
@PDowney Thanks for your suggestion, it is now commented out by default. I've added a new section in the default wp-config.php
boilerplate called:
Inactive Defined Constants (Modify Using Custom Functions Or Otherwise)
Ref: https://github.com/littlebizzy/slickstack/commit/9b85691f871875199f8b1bc417acf0b3b5ef7efe
A few others added (to be expanded in future), for future reference:
/** the following defined constants should not be hardcoded to allow for modification */
/** modify these constants using the Custom Functions MU plugin or otherwise */
// define('WP_ALLOW_REPAIR', false); // default = false
// define('SAVEQUERIES', false); // default = false
// define('CONCATENATE_SCRIPTS', false); // default = false
// define('SCRIPT_DEBUG', false); // default = false
Ref: https://github.com/littlebizzy/slickstack/blob/master/wordpress/wp-config.txt
WP_ALLOW_REPAIR found within the wp-config.php file should be set to false unless it's specifically being used. Any visitor can run database repairs and optimizations on a site with it enabled, regardless of whether or not they are logged in.
Try it by visiting yoursite/wp-admin/maint/repair.php
define('WP_ALLOW_REPAIR', false);