WordPress privacy issue, Directory browsing

Tuesday, January 22nd, 2008 | In Knowledge | Tags: ,

Recently, I found that many blogs, including mine that using wordpress as blogging platform were not privacy enough. Especially at the plugins; themes; and uploads directories under wp-content.

Anyone can directly access to your wp-content and view your plugins, themes and also your contents that store at uploads directory.
Directory Browsing

I did disable the directory browsing at my hosting control panel, but after my hosting provider was upgrading the server and my default settings were preset back to previous version. So, I think the more secure method to protect your privacy of the plugins; the themes you use from being viewable by others, the easy solution is to put a index.html at the plugins; themes and uploads directories. Whereas the contents of index.html can be any phase, message or redirect script. For example,

Invalid Directory Browsing

So, when someone try to type the full URL address and direct access to your plugins; themes; uploads directories, they will see the message or webpage you contents in index.html. Because browsers always read the index file first, when you are not specify which files you want to browse at the directory.


Leave a Reply

Turing Number



Little plugin, Just for fun

Some Simple Flash Games


E-mail This Post