
WordPress directory protection?

Discussion in 'Blogging' started by ShadeDream, Apr 5, 2010.

  1. ShadeDream

    ShadeDream Elite Member

    Joined:
    Nov 27, 2008
    Messages:
    2,209
    Likes Received:
    5,230
    Location:
    He who laughs last, laughs longest.
    I'm not a programmer hence I'm unsure if this is going to be an issue but basically when you add plugins to a WordPress installation, each plugin directory is accessible by anyone who browses to it. For example, if I upload the platinum seo pack plugin into my WordPress plugins directory, anyone can access the folder for the platinum seo pack plugin in their browser. To prevent this from happening I created a blank index.php file in each plugin folder so that no folders would be accessible through the web browser. I'm wondering if this index.php could cause any errors or interfere with the plugins in any way?
     
    Last edited: Apr 5, 2010
  2. ShadeDream

    ShadeDream Elite Member

    Would anyone advise me on this?
     
  3. nufaman

    nufaman Elite Member

    Joined:
    May 29, 2009
    Messages:
    1,697
    Likes Received:
    1,185
    What permissions does your plugins folder have?

    I just tried to access any plugin folder and it won't let me in my browser
     
  4. gregstereo

    gregstereo Elite Member

    Joined:
    Oct 5, 2009
    Messages:
    1,833
    Likes Received:
    1,027
    Occupation:
    I'm known to locate certain things from time to ti
    Location:
    Moose Factory, ON
    Use robot files to exclude your plugin directories. For example:

    Code:
    User-agent: *
    Disallow: /wp-content/cache/
    Disallow: /wp-content/themes/
    Disallow: /wp-content/plugins/
    Disallow: /wp-admin/
    Disallow: /wp-includes/
    Disallow: /wp-login.php 
    will keep both surfers and bots from those folders. Guh-oogle sometimes disregards robot files, but hey it's guh-oogle what are you gonna do? robot files will at least thwart the casual surfer.
     
  5. nufaman

    nufaman Elite Member

    Robots.txt has nothing to do with someone being able to visit a folder, it is just to avoid getting the contents crawled by the bots
     
  6. tami6699

    tami6699 Regular Member

    Joined:
    Oct 8, 2009
    Messages:
    446
    Likes Received:
    729
    Code:
    Order deny,allow
    Deny from all
    Allow from <ip>
    .htaccess
     
    • Thanks Thanks x 1
  7. gregstereo

    gregstereo Elite Member

    yeah crap, right, sorry....I really need to have more coffee before I try posting technical info
     
  8. jacobus

    jacobus Newbie

    Joined:
    May 15, 2008
    Messages:
    33
    Likes Received:
    28
    a blank 'index.php' or 'index.html' works just fine.
     
  9. ShadeDream

    ShadeDream Elite Member

    By default it's 755. So if I try accessing wp-content/plugins/platinum-seo-pack, the platinum seo pack folder shows all the files in it. So I just created a blank index.html file in each plugin folder. I was just wondering if that's the best thing to do. I don't think chmod has anything to do with this.

    Oh, okay. I guess that's the answer I was looking for. Thanks.
     
  10. al8xandru

    al8xandru Newbie

    Joined:
    Mar 23, 2010
    Messages:
    14
    Likes Received:
    2
    Home Page:
    That's what I use to protect my templates from being accessed directly
    Code:
    <Files *.tpl>
    order allow,deny
    deny from all
    </Files>
    and I use this
    Code:
    Options -Indexes
    not to allow directory listings.
    Oh, btw, these are for .htaccess
     
    • Thanks Thanks x 1
  11. tami6699

    tami6699 Regular Member

    The .htaccess solution is much better and also better/easier for administration (you only have to put the deny in /plugin, and you don't have to remember to put your empty index.php inside every /plugin/xyzplugin)...
     
  12. ShadeDream

    ShadeDream Elite Member

    I ended up staying with a blank index.php file. Using .htaccess deny from all will screw up some plugins, and if you put this in your themes folder, it will screw up your whole design and css because it denies access to all the files stored in the themes/plugins directory or wherever you place the .htaccess file.
     
  13. mointernet

    mointernet Regular Member

    Joined:
    Apr 21, 2008
    Messages:
    315
    Likes Received:
    151
    Instead of putting in a blank index.php, having it redirect to the main homepage of your site or anywhere else would be a better choice.

    Code:
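    <?php
    // Send visitors who browse to this directory back to the homepage.
    header("Location: http://yourhomepage.com");
    exit; // stop here so nothing else runs after the redirect header
    ?>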
    
    Put it in your plugins, themes and wp-content directories; people getting to it will be brought back to your homepage or anywhere else you specify.
     
    • Thanks Thanks x 1
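
An added example, not code from any poster in this thread: a local audit that reports which directories under wp-content Apache would still render as a file listing, combining the two approaches discussed above (a blank index file per folder, and `Options -Indexes` inherited from an `.htaccess` higher up). The function names, the DirectoryIndex list, the assumption that the server enables Indexes by default and honours `Options` in `.htaccess`, and the sample tree are all constructed for illustration.

```python
import os
import tempfile

INDEX_NAMES = {"index.php", "index.html", "index.htm"}  # assumed DirectoryIndex list

def indexes_setting(htaccess_path):
    """Return True/False if the file sets the Indexes option, None if it is silent."""
    result = None
    with open(htaccess_path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            tokens = line.split()
            if not tokens or tokens[0].lower() != "options":
                continue  # also skips comment lines, which start with '#'
            opts = [t.lower() for t in tokens[1:]]
            if any(not o.startswith(("+", "-")) for o in opts):
                result = "indexes" in opts or "all" in opts  # absolute form replaces the set
            elif "-indexes" in opts:
                result = False
            elif "+indexes" in opts:
                result = True
    return result

def listable_dirs(root, server_default=True):
    """Directories under root with listing enabled and no index file to serve instead."""
    root = os.path.abspath(root)
    state, exposed = {}, []
    for dirpath, dirnames, filenames in os.walk(root):  # top-down: parents come first
        enabled = state.get(os.path.dirname(dirpath), server_default)
        if ".htaccess" in filenames:
            own = indexes_setting(os.path.join(dirpath, ".htaccess"))
            enabled = enabled if own is None else own  # a child setting overrides the parent
        state[dirpath] = enabled
        if enabled and not INDEX_NAMES & set(filenames):
            exposed.append(os.path.relpath(dirpath, root))
    return sorted(exposed)

def build_sample_tree(base):
    """Constructed wp-content layout, used only for this demonstration."""
    for rel in ("plugins/platinum-seo-pack/images", "plugins/other-plugin", "themes/mytheme"):
        os.makedirs(os.path.join(base, rel))
    open(os.path.join(base, "plugins/platinum-seo-pack/index.php"), "w").close()  # blank index
    with open(os.path.join(base, "themes/.htaccess"), "w") as fh:
        fh.write("Options -Indexes\n")
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for d in listable_dirs(build_sample_tree(tmp)):
            print("directory listing exposed:", d)
```

In the sample tree the blank index.php covers only the folder it sits in, so the plugin's `images` subfolder is still reported, while the single `Options -Indexes` in `themes/` covers everything beneath it without blocking the files themselves.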