Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum
Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. WordPress (Developer)
  3. Security improvement: Add an an empty index.php file to /wp-content/, /wp-content/plugins/, /wp-content/themes/ and /wp-content/uploads/ directories on installing

Security improvement: Add an an empty index.php file to /wp-content/, /wp-content/plugins/, /wp-content/themes/ and /wp-content/uploads/ directories on installing

Scheduled Pinned Locked Moved Solved WordPress (Developer)
3 Posts 2 Posters 172 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • marcusquinnM Offline
    marcusquinnM Offline
    marcusquinn
    wrote on last edited by
    #1

    Can you add an empty index.php file to /wp-content/, /wp-content/plugins/, /wp-content/themes/ and /wp-content/uploads/ directories on installation, please?

    This then prevents scanners from listing the contents of these directories.

    I can't think of any downsides to this, either for initial setups, or in addition to existing setups.

    Web Design https://www.evergreen.je
    Development https://brandlight.org
    Life https://marcusquinn.com

    1 Reply Last reply
    0
    • BrutalBirdieB Offline
      BrutalBirdieB Offline
      BrutalBirdie Partner
      wrote on last edited by
      #2

      @marcusquinn Oh, file indexing should not be possible by default.
      That would be an oversight and not intended.

      I just installed a fresh wp-dev and there is an index.php in /wp-content/ plugins and themes.
      uploads is missing an index.php.
      But also the uploads folder is giving me a 403 forbidden.

      🤔 can you check if your wp-dev is fresh or historical?

      Like my work? Consider donating a drink. Cheers!

      marcusquinnM 1 Reply Last reply
      3
      • marcusquinnM Offline
        marcusquinnM Offline
        marcusquinn
        replied to BrutalBirdie on last edited by
        #3

        @BrutalBirdie You're right, directory browsing is blocked at the server level. I just spotted these missing files and thought a simple no-harm way to cover the same for all instances.

        Web Design https://www.evergreen.je
        Development https://brandlight.org
        Life https://marcusquinn.com

        1 Reply Last reply
        0
        • nebulonN nebulon marked this topic as a question on
        • nebulonN nebulon has marked this topic as solved on

        • Login
        • Don't have an account? Register
        • Login or register to search.
        • First post
          Last post
        0
        • Categories
        • Recent
        • Tags
        • Popular
        • Bookmarks
        • Search