WordPress: fix CVE-2018-6389

2025-08-09 14:07:27 +08:00 · 2018-02-21 01:54:13 +01:00
parent bc1f9291b2
commit 62bd8f3e6b
3 changed files with 29 additions and 5 deletions
--- a/public/templates/conf/_wordpress.conf.html
+++ b/public/templates/conf/_wordpress.conf.html
@@ -18,6 +18,11 @@ location ~* ^/wp-content/plugins/.*\.(?!{{ extensions.assets }}|{{ extensions.fo
 	deny all;
 }

+# disable scripts and styles concat
+location ~* \/wp-admin\/load-(?:scripts|styles)\.php {
+	deny all;
+}
+
 # WordPress stuff
 location ~* ^/(?:xmlrpc\.php|wp-links-opml\.php|wp-config\.php|wp-config-sample\.php|wp-comments-post\.php|readme\.html|license\.txt)$ {
 	deny all;