Are your WordPress Files safe?
The answer is simple: No.
How?
Let me show you. First go to your-blog-url/wp-content/uploads or your-blog-url/wp-content/themes or your-blog-url/wp-content/plugins . What do you see? Do you see content inside the folders? Example below.

If your answer is yes, then your WordPress files are not safe. I can see them, download them and use them. No worry my friend, I really do not have such an intention, but others might. So what to do?
So what should you do?
Well, defending your blog is quite easy. There are two simple methods. One is by editing your .htaccess. Go to the .htaccess file, put “Options -Indexes” on any line and save. This will prevent your WordPress folders from being browsed by anyone. The second option, if you only want to restrict access to some selected folders, is to create an index.html file and upload it to your desired folder. Say you just want your plugins folder to be the inaccessible one; then go to it and upload the HTML file.
The html file can be blank or you can write anything on it. I thought of writing something on it so if you go and visit greatestreviews.net/wp-content/uploads you will see “Dude you are in wrong place. Visit Home Page http://greatestreviews.net/” written there. For me this method is quite nice.
So go on and protect your WordPress files. By the way friends, do visit Melvin’s Blog and read his blog post Don’t Let Me Steal Your WordPress Files!, from which the above tricks were taken. He asked his readers to spread the word. It’s important and useful, so please spread the word. Melvin says for every 10 blogs that he visits, 7 of them are usually unprotected.
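
Both protections can be checked directly on the server's files. The script below is an added example, not code from this post or from Melvin's: it lists every folder under the three wp-content directories that has neither an index file of its own nor an `.htaccess` with `Options -Indexes` at or above it. The function names are illustrative, and it assumes Apache honours `Options` in `.htaccess`.

```python
import re
from pathlib import Path

# Assumptions (not from the post): Apache lists folders by default, honours
# Options in .htaccess, and serves index.html / index.php as the directory index.
FOLDERS = ("wp-content/uploads", "wp-content/themes", "wp-content/plugins")
INDEX_FILES = ("index.html", "index.php")
OPTIONS_RE = re.compile(r"^\s*Options\s+(.*)$", re.IGNORECASE)

def listing_disabled_by(htaccess):
    """True/False if this .htaccess turns Indexes off/on, None if it says nothing."""
    if not htaccess.is_file():
        return None
    state = None
    for line in htaccess.read_text(errors="replace").splitlines():
        m = OPTIONS_RE.match(line)
        for tok in (m.group(1).lower().split() if m else []):
            if tok in ("-indexes", "none"):
                state = True
            elif tok in ("+indexes", "indexes", "all"):
                state = False
    return state

def covered_by_htaccess(folder, root):
    """Walk from folder up to root; the nearest .htaccess with an opinion wins."""
    d = folder
    while True:
        state = listing_disabled_by(d / ".htaccess")
        if state is not None:
            return state
        if d == root or d.parent == d:
            return False
        d = d.parent

def audit(root):
    """Return sub-folders (relative paths) whose contents would still be listed."""
    root = Path(root).resolve()
    exposed = []
    for rel in FOLDERS:
        top = root / rel
        dirs = [top, *sorted(p for p in top.rglob("*") if p.is_dir())] if top.is_dir() else []
        for d in dirs:
            has_index = any((d / name).is_file() for name in INDEX_FILES)
            if not has_index and not covered_by_htaccess(d, root):
                exposed.append(d.relative_to(root).as_posix())
    return exposed

if __name__ == "__main__":
    import sys
    print("\n".join(audit(sys.argv[1] if len(sys.argv) > 1 else ".")))
```

A blank index.html only covers the folder it sits in, so sub-folders such as a year folder inside uploads are reported separately unless an `.htaccess` above them disables listing.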

{ 11 comments… read them below or add one }
Good tips, but I don’t think that this is a real emergency. What would someone be able to gain by viewing your WordPress files?
“If your answer is yes than your Word Press files are not safe. I can see them, download them and use them. No worry my friend, I really do not have such intension but others might have. So what to do?”
You say that you can download them and use them – but can you really? Basically, you will have two types of files in your WordPress folders.
PHP files – you “download them and use them” because all PHP files are parsed before they are sent to your browser.
Image files (or other things that you attach to your posts) – Users can access these when they access your posts anyway.
Instead of using an index.html file, you could use an index.php file. You can make that file just redirect to your blog homepage instead of just linking to it. That might be easier for users.
Austin’s last blog post: Five Recommended Resources (#1)
Well the danger is I may take your theme. You bought some premium theme. I can take all the files. Well forget about premium theme, think about your customized theme. I can download every file and use it.
Now think about the plugin folder. I can see if some plugins are out of date. If I were some hacker I can use it to my advantage.
Austin, I didn’t want to mention these things here as it is dangerous but am mentioning it because you asked. I am not worried about image files. If you put any image on the Internet, virtually it is no more yours.
Nice tip on putting a index.php file which redirects to homepage.
@austin – yeah you’re basically right, PHP files are parsed first before going to your browsers. But one thing is that I found out that there are custom scripts/softwares written that can actually grab all contents of the folder. Of course not anyone can have this script. Also most people (like me) just like to leave the .zip file in the folder, which makes it easier to grab it
Melvin’s last blog post: Don’t Let Me Steal Your WordPress Files!
@Melvin That’s true.
@Agent Well, I guess that it’s better to be safe than sorry. Thanks for all of the tips.
Hi,
the tips you have mentioned for the folder are great for newbies, but I use ‘WP Security Scan’ plug-in and I get the following message:
“Fatal error: Call to undefined function get_header() in ……../serradinho.com/Blog/wp-content/themes/index.php on line 1″
The plug-in shows you to change the folder permissions and that is all I did.
The uploads folder is shown, but the plugins folder is blank. I put in an empty file there sometime ago.
I will add an empty file in the uploads folder to fix this.
thanks for sharing this.
I recently did the restriction things. I never concentrated on this till the last month. But one of my readers mailed me saying he is able to see the list of all the plugins I’m using.
Then I changed all the permissions to read only
It’s very important point you raised. Good one dude.
TechZoomIn’s last blog post: Plugin To: Make your Images Auto HighSlide
Thanks for the tips!
I don’t think we can download the themes, I tried to visit my own themes folder, I tried to download it, but it brought me to a blank page, so I couldn’t download the themes.
Btw, how can you download the themes?
Between, I’ve created an index page and uploaded it into the folder.
Thanks for the tips dude!
Regards,
Lee
Make Money Online’s last blog post: How To Get Correct Search Result In Google Search Engine
nice tips and really good idea to implement them will be trying them.
which method do you use?
Your claim seems to be true. I tried it too but failed. But you know prevention is better than cure. Maybe hackers have some tools to do so. Thanks for the comment.