Bloggers Disable Directory Indexing

26 March, 2009 - 01:00 PM - 6 Comments

If you are running a wordpress blog then you may be vulnerable to hacks and attacks by having your plugins exposed without you even realizing it. Test this by hitting your blog URL/wp-content/plugins and see if you get a full index listing of your wordpress plugins.

If you can see all of your plug-ins, then you need to disable your directory indexing to avoid exposing this information to malicious intentions. To do this you need access to your web server and you would need to edit your .htaccess file

Once you edit the .htaccess file put this line anywhere in side the file

Options -Indexes

Then save your file

Now test your http://www.SITE.com/wp-content/plugins and you should instead see your blogs 404 page and not your directory list of plugins exposed.

This will also protect your site from exposing directory listing on any folder that doesn’t have a index.htm or index.html file. Unless you intentionally want to allow people to access directories to download files from your blog or server, you should have directory indexing turned off.

Now, if you do want some folders to have directory indexing and you want to just disable directory indexing for a single folder, this little trick will disable it for one folder.

create a 0 byte index.html file in the folder you want to specifically disable directory indexing

Example, to disable Directory Indexing for just the wp-content/plugins folder you would perform the following on your web site.

cd dragonblogger/
cd wp-content/plugins
touch index.html

Now if you hit your website/wp-content/plugins you will get a blank page instead of your directory listing.

-Dragon Blogger

A Decent DoFollow Blog Directory A DoFollow blog directory with over 100 listed DoFollow blogs in a variety of categories. Find other DoFollow blogs or...
Disable Right Click On WordPress: 2 Methods To Reduce Plagiarism How to Disable Right-Click on Wordpress Blogs with and without using Plugins to Reduce Copy-Paste Plagiarism....
Finding And Removing Dead Links For Your Blog I was using Google Web Master tools and noticed the number of 404 pages found on my blog had skyrocketed...
Web Site Security Basics Part 1 This article is for anyone who runs a web site professionally or as a hobby.Â It doesn’t matter if you...
Dealing with a Hacked WordPress Blog Wordpress php files can become hacked and your blog can be compromised, look for aWYoZnVu string in your .php files...

Written by Justin Germino (1518 Articles Published)

Working in the IT Industry for over 10 years and specializing in web based technologies. Dragon Blogger has unique insights and opinions to how the internet and web technology works. An Avid movie fan, video game fan and fan of trying anything and everything new.

Follow Justin Germino on Twitter @dragonblogger

Tom Tom

Thank you for sharing.I get lost without a GPS these days! In the past I had a reasonable sense of direction and could use a map well but today if I’m stuck without a GPS

share flag

spam
offensive
disagree
off topic

Jim @ GPS Vehicle Tracking

Awesome info Dragon - I just had a run in with hacking issues recently where some hacker broke in and apparently through a security hole planted a Phishing Scam that was sending our emails.

Any way the ISP listed some possible solutions, but ultimately they moved the domain to a newer server that had corrected this security issue. They did list the following possible causes and solutions, which your readers might find interesting.

Possible Causes and Solutions
---------------------------------
1. An abuser may have gotten access to a cpanel/ftp/ssh account and used it to login and upload malicious scripts/software to the server or to send unsolicited e-mails. Check your access logs for any suspicious behavior containing information provided in the report.

2. You or your client could have installed or has not maintained script/software uploaded to the server.
Check the server for any outdated scripts that need to be updated. Most popular outdated scripts are phpbb, php-nuke, formmail, and other send mail type scripts.