Summary

Netsparker possibly detected a WP Engine configuration file.

Impact

Configuration files often contain lots of sensitive information that are useful to potential attackers if they are exposed. In case of WP Engine, this may include secret cryptographic salts, API keys and even database credentials.

Remediation

You should manually check and confirm whether the file is indeed a WP Engine configuration file that contains sensitive information. If this is the case, the file must not be publicly accessible. Please make sure that the configuration file can still be read by WP Engine, but can't be accessed directly through your website.

Classifications
WASC-15, OWASP 2013-A5
Netsparker

Dead accurate, fast & easy-to-use Web Application Security Scanner

GET A DEMO