This repository was archived by the owner on Nov 14, 2024. It is now read-only.

Only '/public' should be accessible #85

@saulens22


Usually, all WordPress theme PHP files check if ABSPATH exists. This theme template doesn't have such functionality. Moreover, I can access '/config', '/resources', '/vendor' and so on. It might pose a security risk in the long run (just my opinion).

I believe only the '/public' folder should be accessible by the web server. In my case, I created a '.htaccess' file in the theme root that denies all access and created another '.htaccess' file in '/resources' that WebPack copies into the '/public' folder with complete access. I think it's worth discussing implementing this in the theme.
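An added example, not part of the original issue or the theme's own code: a small audit that checks a theme checkout for the two conditions raised above, namely a deny-all '.htaccess' in the theme root with an allow-all one in the built '/public' folder, and PHP files outside '/public' that lack an ABSPATH check. The function names, the sample tree and the Apache 2.4/2.2 directive spellings it looks for are assumptions; the text match is a heuristic and assumes Apache honours '.htaccess' overrides.

```python
import re
import tempfile
from pathlib import Path

# Heuristic: the usual WordPress guard, e.g. defined('ABSPATH') || exit;
ABSPATH_GUARD = re.compile(r"defined\s*\(\s*['\"]ABSPATH['\"]\s*\)")
# Apache 2.4 and 2.2 spellings of "deny everything" / "allow everything"
DENY = re.compile(r"^\s*(Require\s+all\s+denied|Deny\s+from\s+all)\s*$", re.I | re.M)
ALLOW = re.compile(r"^\s*(Require\s+all\s+granted|Allow\s+from\s+all)\s*$", re.I | re.M)


def htaccess_matches(directory, pattern):
    """True if directory/.htaccess exists and contains the directive."""
    f = Path(directory) / ".htaccess"
    return f.is_file() and bool(pattern.search(f.read_text(errors="replace")))


def audit_theme(root, public_dir="public"):
    """Report the access rules and the PHP files that would run if requested directly."""
    root = Path(root)
    unguarded = []
    for php in sorted(root.rglob("*.php")):
        rel = php.relative_to(root)
        if rel.parts[0] != public_dir and not ABSPATH_GUARD.search(php.read_text(errors="replace")):
            unguarded.append(rel.as_posix())
    return {
        "root_denies": htaccess_matches(root, DENY),
        "public_allows": htaccess_matches(root / public_dir, ALLOW),
        "unguarded_php": unguarded,
    }


def build_sample_theme(base, with_htaccess):
    """Constructed sample tree, not the real theme's contents."""
    files = {
        "functions.php": "<?php\ndefined('ABSPATH') || exit;\n",
        "config/app.php": "<?php\nreturn ['debug' => true];\n",
        "vendor/autoload.php": "<?php\nrequire __DIR__ . '/composer/autoload_real.php';\n",
    }
    if with_htaccess:
        files[".htaccess"] = "Require all denied\n"
        files["public/.htaccess"] = "Require all granted\n"
    for name, body in files.items():
        path = Path(base) / name
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)
    return Path(base)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_theme(build_sample_theme(tmp, with_htaccess=True)))
```

A file listed under `unguarded_php` is only a concern when the root rule is missing or the server ignores '.htaccess', which is why the report returns both findings together.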
