WP Engine Configuration File Detected
Summary#
Invicti possibly detected a WP Engine configuration file.
Impact#
Configuration files often contain lots of sensitive information that are useful to potential attackers if they are exposed. In case of WP Engine, this may include secret cryptographic salts, API keys and even database credentials.
Remediation#
You should manually check and confirm whether the file is indeed a WP Engine configuration file that contains sensitive information. If this is the case, the file must not be publicly accessible. Please make sure that the configuration file can still be read by WP Engine, but can't be accessed directly through your website.
Classifications#
Further Reading#
Vulnerability Index
You can search and find all vulnerabilities
Select Category
OR
Search Vulnerability
Tags
Related Vulnerabilities
