<![CDATA[Security improvement: Add an an empty index.php file to /wp-content/, /wp-content/plugins/, /wp-content/themes/ and /wp-content/uploads/ directories on installing]]>Can you add an empty index.php file to /wp-content/, /wp-content/plugins/, /wp-content/themes/ and /wp-content/uploads/ directories on installation, please?

This then prevents scanners from listing the contents of these directories.

I can't think of any downsides to this, either for initial setups, or in addition to existing setups.

]]>https://forum.cloudron.io/topic/9388/security-improvement-add-an-an-empty-index-php-file-to-wp-content-wp-content-plugins-wp-content-themes-and-wp-content-uploads-directories-on-installingRSS for NodeThu, 16 Apr 2026 14:11:11 GMTSun, 11 Jun 2023 14:09:10 GMT60<![CDATA[Reply to Security improvement: Add an an empty index.php file to /wp-content/, /wp-content/plugins/, /wp-content/themes/ and /wp-content/uploads/ directories on installing on Mon, 12 Jun 2023 12:32:28 GMT]]>@BrutalBirdie You're right, directory browsing is blocked at the server level. I just spotted these missing files and thought a simple no-harm way to cover the same for all instances.

]]>https://forum.cloudron.io/post/68116https://forum.cloudron.io/post/68116Mon, 12 Jun 2023 12:32:28 GMT<![CDATA[Reply to Security improvement: Add an an empty index.php file to /wp-content/, /wp-content/plugins/, /wp-content/themes/ and /wp-content/uploads/ directories on installing on Sun, 11 Jun 2023 19:19:23 GMT]]>@marcusquinn Oh, file indexing should not be possible by default.
That would be an oversight and not intended.

I just installed a fresh wp-dev and there is an index.php in /wp-content/ plugins and themes.
uploads is missing an index.php.
But also the uploads folder is giving me a 403 forbidden.

🤔 can you check if your wp-dev is fresh or historical?

]]>https://forum.cloudron.io/post/68087https://forum.cloudron.io/post/68087Sun, 11 Jun 2023 19:19:23 GMT