Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum
Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. WordPress (Developer)
  3. Security improvement: Add an an empty index.php file to /wp-content/, /wp-content/plugins/, /wp-content/themes/ and /wp-content/uploads/ directories on installing

Security improvement: Add an an empty index.php file to /wp-content/, /wp-content/plugins/, /wp-content/themes/ and /wp-content/uploads/ directories on installing

Scheduled Pinned Locked Moved Solved WordPress (Developer)
3 Posts 2 Posters 414 Views 2 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • marcusquinnM Offline
      marcusquinnM Offline
      marcusquinn
      wrote on last edited by
      #1

      Can you add an empty index.php file to /wp-content/, /wp-content/plugins/, /wp-content/themes/ and /wp-content/uploads/ directories on installation, please?

      This then prevents scanners from listing the contents of these directories.

      I can't think of any downsides to this, either for initial setups, or in addition to existing setups.

      Web Design https://www.evergreen.je
      Development https://brandlight.org
      Life https://marcusquinn.com

      1 Reply Last reply
      0
      • BrutalBirdieB Offline
        BrutalBirdieB Offline
        BrutalBirdie
        Partner
        wrote on last edited by
        #2

        @marcusquinn Oh, file indexing should not be possible by default.
        That would be an oversight and not intended.

        I just installed a fresh wp-dev and there is an index.php in /wp-content/ plugins and themes.
        uploads is missing an index.php.
        But also the uploads folder is giving me a 403 forbidden.

        🤔 can you check if your wp-dev is fresh or historical?

        Like my work? Consider donating a drink. Cheers!

        marcusquinnM 1 Reply Last reply
        3
        • BrutalBirdieB BrutalBirdie

          @marcusquinn Oh, file indexing should not be possible by default.
          That would be an oversight and not intended.

          I just installed a fresh wp-dev and there is an index.php in /wp-content/ plugins and themes.
          uploads is missing an index.php.
          But also the uploads folder is giving me a 403 forbidden.

          🤔 can you check if your wp-dev is fresh or historical?

          marcusquinnM Offline
          marcusquinnM Offline
          marcusquinn
          wrote on last edited by
          #3

          @BrutalBirdie You're right, directory browsing is blocked at the server level. I just spotted these missing files and thought a simple no-harm way to cover the same for all instances.

          Web Design https://www.evergreen.je
          Development https://brandlight.org
          Life https://marcusquinn.com

          1 Reply Last reply
          0
          • nebulonN nebulon marked this topic as a question on
          • nebulonN nebulon has marked this topic as solved on
          Reply
          • Reply as topic
          Log in to reply
          • Oldest to Newest
          • Newest to Oldest
          • Most Votes

            • Login
            • Don't have an account? Register
            • Login or register to search.
            • First post
              Last post
            0
            • Categories
            • Recent
            • Tags
            • Popular
            • Bookmarks
            • Search