Summary

Acunetix 360 possibly detected a WP Engine configuration file.

Impact

Configuration files often contain lots of sensitive information that are useful to potential attackers if they are exposed. In case of WP Engine, this may include secret cryptographic salts, API keys and even database credentials.

Remediation

You should manually check and confirm whether the file is indeed a WP Engine configuration file that contains sensitive information. If this is the case, the file must not be publicly accessible. Please make sure that the configuration file can still be read by WP Engine, but can't be accessed directly through your website.

Severity

Low

Classification

CWE-16 ISO27001-A.9.4.1 WASC-15 OWASP 2013-A5 OWASP 2017-A6