This repository was archived by the owner on Nov 14, 2024. It is now read-only.

Only '/public' should be accessible #85

@saulens22

Usually, all WordPress theme PHP files check if ABSPATH exists. This theme template doesn't have such functionality. Moreover, I can access '/config', '/resources', '/vendor' and so on. It might pose a security risk in the long run (just my opinion).

I believe only the '/public' folder should be accessible by the web server. In my case, I created a '.htaccess' file in the theme root that denies all access and created another '.htaccess' file in '/resources' that WebPack copies into the '/public' folder with complete access. I think it's worth discussing implementing this in the theme.
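
A check for the layout described in the issue above, as an added example that is not part of the original post or the theme's own code: it verifies that the theme root denies access, that '/public' re-allows it, and lists PHP files with no ABSPATH check. It assumes Apache 2.4 `Require` syntax with .htaccess overrides enabled; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the theme): audit a theme checkout for the two
# controls discussed in the issue. Assumes Apache 2.4 "Require" syntax and
# that .htaccess overrides are enabled; function names are hypothetical.

# Succeeds if DIR/.htaccess has DIRECTIVE as an active (uncommented) line.
htaccess_has() {
  [ -f "$1/.htaccess" ] &&
    grep -Eiq "^[[:space:]]*$2[[:space:]]*\$" "$1/.htaccess"
}

# Lists PHP files that never mention ABSPATH. Heuristic: a mention is not
# proof of a correct guard, but a file without one certainly has none.
php_without_abspath_guard() {
  find "$1" -type f -name '*.php' -exec grep -L 'ABSPATH' {} + | sort
}

# Returns non-zero when the web-server restriction is missing; files lacking
# an ABSPATH check are reported as warnings only.
audit_theme() {
  theme=$1
  status=0
  if ! htaccess_has "$theme" 'Require all denied'; then
    echo "FAIL: $theme/.htaccess does not deny all access"
    status=1
  fi
  if ! htaccess_has "$theme/public" 'Require all granted'; then
    echo "FAIL: $theme/public/.htaccess does not re-allow access"
    status=1
  fi
  unguarded=$(php_without_abspath_guard "$theme")
  if [ -n "$unguarded" ]; then
    echo "WARN: PHP files with no ABSPATH check:"
    echo "$unguarded" | sed 's/^/  /'
  fi
  return "$status"
}

# Usage: sh audit.sh /path/to/theme
if [ "$#" -gt 0 ]; then
  audit_theme "$1"
fi
```

Run it against the built theme directory (after WebPack has produced '/public'), so the copied '.htaccess' is what gets checked.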
