single-post.html
header
Get Full Site Editing

Do block-templates and block-template-part folders need to be protected?

    Question: What should happen if a user tries to visit a block template or template part folder or file directly? Is there a potential security issue?

    Answer: If you attempt to visit the folder then you may get a 403 or a 404 from the website hosting. If you visit a file then you’ll probably see rubbish.

    Try it:

    Block templates folder
    the 404 block template
    Missing file
    Block template parts folder
    the zzz block template part
    Missing file

    Note: There shouldn’t be anything in template or template part files that could reveal sensitive information. ie There should be no hardcoded passwords, API keys or other information that must not be generally available.

    The fact that some requests may result in a hosting company’s error pages has not been addressed.

    Accessibility Code Code FAQS Contributing FAQS FSE is Resources Uncategorised Video

    #fse-outreach-experiment #unanswered 18 agencies answers better blocks bug call #5 capabilities child theme color contributors could-do-better CSS custom customizer custom template dates development display:flex display:grid Dot empty featured image filter filters FREE GDPR global-styles grid Gutenberg handbook inline keyboard look and feel margin margins Mega Meetup menus migration mkaz navigation news nightly padding page builder paragraph performance phases plans plugins poem post edit post formats privacy process Publish query quote requirements reusable reusable block scope search server shortcode shortcuts Site Editor site icon size sort SSR stages statistics table template-part template parts templates theme.json themers Universal WooCommerce WordCamp Europe

    © Copyright Herb Miller, Bobbing Wide 2021