Security improvement: Add an an empty index.php file to /wp-content/, /wp-content/plugins/, /wp-content/themes/ and /wp-content/uploads/ directories on installing
-
Can you add an empty
index.phpfile to/wp-content/,/wp-content/plugins/,/wp-content/themes/and/wp-content/uploads/directories on installation, please?This then prevents scanners from listing the contents of these directories.
I can't think of any downsides to this, either for initial setups, or in addition to existing setups.
-
@marcusquinn Oh, file indexing should not be possible by default.
That would be an oversight and not intended.I just installed a fresh wp-dev and there is an
index.phpin/wp-content/pluginsandthemes.
uploadsis missing anindex.php.
But also theuploadsfolder is giving me a 403 forbidden.
can you check if your wp-dev is fresh or historical? -
@marcusquinn Oh, file indexing should not be possible by default.
That would be an oversight and not intended.I just installed a fresh wp-dev and there is an
index.phpin/wp-content/pluginsandthemes.
uploadsis missing anindex.php.
But also theuploadsfolder is giving me a 403 forbidden. can you check if your wp-dev is fresh or historical?@BrutalBirdie You're right, directory browsing is blocked at the server level. I just spotted these missing files and thought a simple no-harm way to cover the same for all instances.
-
N nebulon marked this topic as a question on
-
N nebulon has marked this topic as solved on
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login