Drop in install.php delete?

HI, in my multisite plugins drop in folder I see install.php is this something that I am supposed to delete?

  • teckyhead
    • Design Lord, Child of Thor

    I get a little bit ‘twitchy’ when I see files with names like ‘install.php’ or ‘deletemylife.php’ but at the same time Kimberly is right – you probably shouldn’t delete it .. just in case.

    Given that it is called ‘install.php’ I think it’s safe to assume that it would only be used when something was going to be installed or updated. The worry is that it might do a destructive install or something, so if Joe Hacker came along with his trusty http://theinternetismine/install.php bot it might do something you didn’t want it to.

    With that in mind, I’d rename it to something like install_ButOnlyIfISaySo.php – and then if something unexpected happened at some time in the future you could always rename it back to install.php.

    If you’re familiar with PHP code (or even if you’re not) you could have a look inside the file – there may well be comments that will tell you what it’s related to.


  • mrarlen
    • New Recruit

    Once WordPress is installed, there are two files which are unnecessary and may pose a security risk.

    install.php and install-helper.php

    Disclaimer- I don’t know of any security issues with the files, but they are powerful functions which could be used to compromise a site. :slight_smile:

    These are the only two core files you may choose to delete.

    Alternatively, you may limit access with .htaccess

    # PROTECT install.php
    <Files install.php>
    Order Allow,Deny
    Deny from all
    Satisfy all
    <Files install-helper.php>
    Order Allow,Deny
    Deny from all
    Satisfy all



Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.