Perhaps your friend could learn how to turn directory indexing off on his web server?
Thread Starter
ariff
(@ariff)
Even if directory indexing is turned off, you can still access files like this: http://yourdomain.com/wp-includes/admin-bar.php, thus revealing the username for the FTP account.
Don’t know how severe this issue is as I’m not an expert. Just pointing this out. If anybody feels that something should be done, then by all means do something.
If not, then thanks for reading.
Cheers!
Even if an index.php file is there, you can still access files directly. Nothing WP can do about that except what they have (with wp_die() calls to anyone who accesses the file directly).
By the way, http://yourdomain.com/wp-includes/admin-bar.php gives me an error 500 on all my sites. All the direct links for things in wp-includes are blank pages (PHP errors, as expected) or error 500.
Your friend is overreacting 🙂 It’s not severe.
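An added example, not part of the thread or of WordPress: a small Python check a site owner can run over saved responses from their own site to see whether directly requested PHP files print an error message containing the server path, and with it an account name. It assumes the disclosure comes from PHP error text of the usual "in /path/file.php on line N" form and that the account name is the directory under `/home` or `/Users`; the sample bodies, paths and the name `exampleuser` are constructed.

```python
import re

# PHP error text in both HTML and plain form, e.g.
#   <b>Fatal error</b>: ... in <b>/home/u/site/file.php</b> on line <b>12</b>
#   Fatal error: Uncaught Error: ... in /home/u/site/file.php:12
PHP_ERROR = re.compile(
    r"(?:Fatal error|Parse error|Warning|Notice|Deprecated)\b[^\n]*?\bin\s+"
    r"(?:<b>)?(?P<path>(?:/|[A-Za-z]:\\)[^\s<:]+\.php)(?:</b>)?"
    r"(?:\s+on line\s+(?:<b>)?|:)(?P<line>\d+)"
)
# Assumption: hosting layouts that put each account under /home/<name>/ or /Users/<name>/.
HOME_USER = re.compile(r"^/(?:home\d*|Users)/(?P<user>[^/]+)/")

def find_path_disclosure(body):
    """Return one finding per PHP error message that leaks an absolute path."""
    findings = []
    for m in PHP_ERROR.finditer(body):
        owner = HOME_USER.match(m.group("path"))
        findings.append({
            "path": m.group("path"),
            "line": int(m.group("line")),
            "account": owner.group("user") if owner else None,
        })
    return findings

def audit(responses):
    """Map each URL whose body leaks a path to its findings; clean URLs are omitted."""
    report = {}
    for url, (_status, body) in responses.items():
        found = find_path_disclosure(body)
        if found:
            report[url] = found
    return report

# Constructed sample responses: (HTTP status, body) keyed by URL.
SAMPLE_RESPONSES = {
    "http://yourdomain.com/wp-includes/admin-bar.php": (200,
        "<br />\n<b>Fatal error</b>:  Call to undefined function add_action() in "
        "<b>/home/exampleuser/public_html/wp-includes/admin-bar.php</b> on line <b>12</b><br />"),
    "http://yourdomain.com/wp-includes/blank.php": (500, ""),
    "http://yourdomain.com/wp-includes/other.php": (200,
        "Warning: include(): Failed opening 'x.php' in /var/www/html/wp-includes/other.php on line 7"),
}

if __name__ == "__main__":
    for url, found in audit(SAMPLE_RESPONSES).items():
        for f in found:
            print(url, "leaks", f["path"], "account:", f["account"])
```

A blank page or a bare error 500 produces no finding, because no error text reaches the browser.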