tonik / theme

Tonik is a WordPress Starter Theme which aims to modernize, organize and enhance some aspects of WordPress theme development.
http://labs.tonik.pl/theme/
MIT License
1.33k stars, 140 forks

Only '/public' should be accessible #85

Open saulens22 opened 5 years ago

saulens22 commented 5 years ago

Usually, all WordPress theme PHP files check if ABSPATH exists. This theme template doesn't have such functionality. Moreover, I can access '/config', '/resources', '/vendor' and so on. It might pose a security risk in the long run (just my opinion).

I believe only the '/public' folder should be accessible by the web server. In my case, I created a '.htaccess' file in the theme root that denies all access and created another '.htaccess' file in '/resources' that WebPack copies into the '/public' folder with complete access. I think it's worth discussing implementing this in the theme.
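The two-file layout described in this comment, written out as an added example (not the theme's own code): the first file is the theme-root `.htaccess`, the second is the one that ends up in `/public`. The theme path, the Apache 2.2/2.4 split and the assumption that `AllowOverride` permits these directives are mine, not the page's.

```apache
# File 1: wp-content/themes/<theme>/.htaccess   (placeholder theme path)
# Deny everything under the theme by default, so a direct request for
# anything in /config, /resources, /vendor (or a stray file in the root)
# gets a 403 instead of the file contents.
<IfModule mod_authz_core.c>
    # Apache 2.4
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    # Apache 2.2 fallback
    Order deny,allow
    Deny from all
</IfModule>

# File 2: wp-content/themes/<theme>/public/.htaccess
# (authored in /resources and copied into /public by the build)
# Re-open access for the build output only. Apache merges per-directory
# config from parent to child, and with the default AuthMerging Off the
# child's Require replaces the parent's, so /public/* is served while
# every other theme directory stays denied.
<IfModule mod_authz_core.c>
    Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
    Order allow,deny
    Allow from all
</IfModule>
```

Check it by requesting a file under `/config` or `/vendor` (expect 403) and a built asset under `/public` (expect 200); any file WordPress itself fetches from the theme root over HTTP, such as the theme screenshot shown in the admin theme chooser, needs its own `<Files>` exception in the root file.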

multiplehats commented 5 years ago

+1

niklasp commented 3 years ago

Maybe this can be added via a pull request @saulens22