Summary #

Netsparker possibly detected a WP Engine configuration file.

Impact #

Configuration files often contain lots of sensitive information that are useful to potential attackers if they are exposed. In case of WP Engine, this may include secret cryptographic salts, API keys and even database credentials.

Remediation #

You should manually check and confirm whether the file is indeed a WP Engine configuration file that contains sensitive information. If this is the case, the file must not be publicly accessible. Please make sure that the configuration file can still be read by WP Engine, but can't be accessed directly through your website.

Classifications #
CWE-16, ISO27001-A.9.4.1, WASC-15, OWASP 2013-A5, OWASP 2017-A6

Dead accurate, fast & easy-to-use Web Application Security Scanner