Hi Maybe you're right but the problem is still really not critical. wp-config.php looks for something like /etc/wordpress/config-$host.php so my question is: if someone has unauthorized and maliciuos access to /etc/wordpress (or, maybe, to /etc/*?) is it a wordpress problem?
However I'll try to find a better way to look for the correct configuration file: maybe reading a local list of authorized config files? Thank you for reporting. Cheers. Andrea De Iacovo
signature.asc
Description: Questa รจ una parte del messaggio firmata digitalmente
