If you are looking out to secure your WordPress blog then this post will be of great help to you.
By default your WordPress blog’s Plugins, Themes and Uploads folder are accessible to anyone and everyone. So for an Hacker it’s a great way to intrude into your blog by exploiting the weakness of a WordPress plugin or a theme on your blog.
To avoid this there is a very easy solution.
1) All you have to do is access your WordPress Blog through FTP.
2) Find this file ” .htaccess”
3) Open it with a Notepad
4) Add this code: Options All -Indexes
5) Your blog is now secure.
By doing this you are disabling the directory browsing option. So nobody can know what WordPress theme or plugins you use.
No related posts.
Hey, this is Kamal and I operate the NPXP network of websites. I am a blogger as well as a freelancer.
Thanks a lot for this steps on disabling word press directory browsing. This is such a big help for me and my colleagues. Keep it up and I’ll be looking forward for more relevant post from you.
You can also turn off directory browsing in cpanel if your hosting company uses cpanel near the bottom advanced section titled “Index Manager”. It simply adds to or creates the necessary .htaccess for you. Basically a little more graphical interface some people find easier to understand.
You could also use .htaccess to deny from all to the particular directory so if they try to access it directly they are denied, but when accessed through your site links they would be allowed. Or you could redirect them to another page, homepage, whatever.
There are some really good and fairly simple .htaccess modifications that can stop or help prevent a lot of attacks or unwanted things from happening to your site.
Another thing to check is make a phpinfo.php file that will display your how your host has php compiled, configured, and setup. Some hosts have some questionable insecure settings that can lead to some bad guys causing problems. Be sure to delete phpinfo.php from the server when you are done to prevent others from checking out your hosts setup. A lot of it can be changed by means of .htaccess or php.ini file depending on your hosts configuration.
Anyway it’s never ending, but always good to learn and keep up on as much as you can.
Good luck everyone.