@TimidRobot TimidRobot commented Jul 3, 2025

Description

Forbid wp-config-sample.php

(Access to this file shouldn't have any more impact than an error log entry, but better to deny access.)

Technical details

Tests

Before

Command:

http --all --follow --headers --auth [REDACTED]:[REDACTED] \
    "https://stage.creativecommons.org/wp-config-sample.php?$(date +%s)"

Output

HTTP/1.1 500 Internal Server Error
CF-RAY: 959711230df1bac4-MXP
Cache-Control: no-cache, must-revalidate, max-age=0
Cf-Cache-Status: DYNAMIC
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Thu, 03 Jul 2025 14:28:01 GMT
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Server: cloudflare
Transfer-Encoding: chunked

After

Command:

http --all --follow --headers --auth [REDACTED]:[REDACTED] \
    "https://stage.creativecommons.org/wp-config-sample.php?$(date +%s)"

Output

HTTP/1.1 403 Forbidden
CF-RAY: 9597193aa964b260-MXP
Cf-Cache-Status: DYNAMIC
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 03 Jul 2025 14:33:32 GMT
Server: cloudflare
Transfer-Encoding: chunked

Checklist

  • My pull request has a descriptive title (not a vague title like Update index.md).
  • My pull request targets the default branch of the repository (main or master).
  • My commit messages follow best practices.
  • My code follows the established code style of the repository.
  • I added or updated tests for the changes I made (if applicable).
  • I added or updated documentation (if applicable).
  • I tried running the project locally and verified that there are no
    visible errors.

Developer Certificate of Origin

For the purposes of this DCO, "license" is equivalent to "license or public domain dedication," and "open source license" is equivalent to "open content license or public domain dedication."

Developer Certificate of Origin
Version 1.1

Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
1 Letterman Drive
Suite D4700
San Francisco, CA, 94129

Everyone is permitted to copy and distribute verbatim copies of this
license document, but changing it is not allowed.


Developer's Certificate of Origin 1.1

By making a contribution to this project, I certify that:

(a) The contribution was created in whole or in part by me and I
    have the right to submit it under the open source license
    indicated in the file; or

(b) The contribution is based upon previous work that, to the best
    of my knowledge, is covered under an appropriate open source
    license and I have the right under that license to submit that
    work with modifications, whether created in whole or in part
    by me, under the same open source license (unless I am
    permitted to submit under a different license), as indicated
    in the file; or

(c) The contribution was provided directly to me by some other
    person who certified (a), (b) or (c) and I have not modified
    it.

(d) I understand and agree that this project and the contribution
    are public and that a record of the contribution (including all
    personal information I submit with it, including my sign-off) is
    maintained indefinitely and may be redistributed consistent with
    this project or the open source license(s) involved.
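The before/after check in the description above can be turned into a repeatable pass/fail test. This is an added example, not part of the pull request or the repository's code. The function names and the sample responses are constructed for illustration; the `http` flags are the ones used in the description.

```shell
#!/bin/sh
# Added example: assert that a request for wp-config-sample.php is denied.

# final_status: read `http --all --follow --headers` output on stdin and print
# the status code of the LAST response. With --all, every intermediate
# response (for example a redirect) is printed before the final one, so the
# first status line is not necessarily the one that matters.
final_status() {
    awk '
        { sub(/\r$/, "") }                          # tolerate CRLF line endings
        /^HTTP\/[0-9.]+ [0-9][0-9][0-9]/ { code = $2 }
        END { if (code == "") exit 1; print code }
    '
}

# is_denied: succeed only when the final status is 403, as in the "After" output.
# Empty or unparseable input counts as a failure, not as a pass.
is_denied() {
    [ "$(final_status)" = "403" ]
}

# check_url: live check against a URL given as $1 (requires HTTPie and network).
check_url() {
    http --all --follow --headers "$1" | is_denied
}

# Constructed sample responses (status lines taken from the Before/After output;
# the redirect chain and its Location value are invented for the example).
sample_before() {
    printf 'HTTP/1.1 500 Internal Server Error\r\nServer: cloudflare\r\n\r\n'
}
sample_after() {
    printf 'HTTP/1.1 403 Forbidden\r\nServer: cloudflare\r\n\r\n'
}
sample_redirect() {
    printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: /x\r\n\r\n'
    printf 'HTTP/1.1 403 Forbidden\r\nServer: cloudflare\r\n\r\n'
}

# Offline demonstration on the constructed samples.
if sample_before | is_denied; then echo "before: denied"; else echo "before: NOT denied"; fi
if sample_after | is_denied; then echo "after: denied"; else echo "after: NOT denied"; fi
```
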

@TimidRobot TimidRobot self-assigned this Jul 3, 2025
@TimidRobot TimidRobot requested a review from a team as a code owner July 3, 2025 15:28
@github-project-automation github-project-automation bot moved this to Triage in TimidRobot Jul 3, 2025
@TimidRobot TimidRobot moved this from Triage to In review in TimidRobot Jul 3, 2025
@Shafiya-Heena Shafiya-Heena left a comment

Thank you!

@TimidRobot TimidRobot merged commit a4c1a96 into main Jul 3, 2025
@TimidRobot TimidRobot deleted the sample-forbidden branch July 3, 2025 15:46
@github-project-automation github-project-automation bot moved this from In review to Done in TimidRobot Jul 3, 2025
@TimidRobot

Deployed to index__prod: Thu 03 Jul 2025 03:48:31 PM UTC

@Shafiya-Heena

Deployed on openglam_prod, biztool_prod, opencovid__prod, chapters_prod and chapters_stage at Thu 03 Jul 2025 04:14:55 PM UTC
