Security - dotherightthing/wpdtrt-plugin-boilerplate GitHub Wiki

Summary

Tips to improve plugin security.

Status

• Stable @ 1.5.0

---

Usage

index.php

In addition to following the WordPress code standards, a common WordPress approach to directory security is:

<?php // silence is golden

But

Plugin and theme authors should not be trying to compensate for a poor server configuration (and hey, someone might want to show their index for a directory).

For Apache, it's a single line that usually even works in the site root .htaccess and will cascade down to subdirectories:

Options -Indexes

https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards/issues/908