single-post.html

Do block-templates and block-template-part folders need to be protected?

Question: What should happen if a user tries to visit a block template or template part folder or file directly? Is there a potential security issue?

Answer: If you attempt to visit the folder then you may get a 403 or a 404 from the website hosting. If you visit a file then you’ll probably see rubbish.

Try it:

Note: There shouldn’t be anything in template or template part files that could reveal sensitive information. ie There should be no hardcoded passwords, API keys or other information that must not be generally available.

The fact that some requests may result in a hosting company’s error pages has not been addressed.

WordPress version: 5.7.2

Gutenberg version: 10.8.0

© Copyright Herb Miller, Bobbing Wide 2021