All PHP File Can Be Opened Directly

  • Hi…

    I’ve upgraded from wp 2.3 to wp 2.3.1, but now, all php files of the themes, kubrick/default, and other wp themes on my “Themes” folder, can be accessed directly via a browser. I don’t know why.

    I’ve tried to fix it in a few ways, like the tricks written by Mike: Securing PHP Include Files, also tricks using .htaccess Deny Access to No Referrer Requests, and using a blank index.php (I put it in each folder » images « of each theme), but unfortunately, these php files can still be accessed directly.

    In my .htaccess (root folder) there’s only :

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    I copied from “Permalink” box in my wp-admin panel. And there’s Options -Indexes also in that .htaccess

    So, I need help before I go crazy!

Viewing 8 replies - 1 through 8 (of 8 total)
  • where, give us an example of what you are seeing? A link to a page that you are having this supposed problem with..

    It sounds like your server has directory browsing turned on. Try adding this to the end of your .htaccess file

    Options -Indexes

    If that doesn’t work ask your host to turn it off.

    Thread Starter diabolus

    (@diabolus)

    whooami, thanks for the reply. I mean, every time I try to open/access a php file of my wp theme via browser, I see the full code/content of that php file. For example: when I enter http://mysite.com/wp-content/themes/default/header.php I see all the code/content of that header.php file 🙁

    Is there a way to block direct access to it?

    I know what you are saying. I didn’t ask you to repeat your post – I asked for a page. SHOW ME.

    Options -Indexes will not solve what he/she is describing, if, in fact, it is occurring.

    kubrick/default, and other wp themes on my “Themes” folder, can be accessed directly via a browser.

    Sounded like directory browsing was turned on.

    After the second reply this is not what I thought they were talking about. It sounds like the host doesn’t have the server set up to process php files other than the index.php.

    Thread Starter diabolus

    (@diabolus)

    Sounded like directory browsing was turned on.

    You’re absolutely right, people can’t browse my themes folder, because it is turned off; I used Options -Indexes in my htaccess.

    What I’m saying is that the header.php or index.php of my themes can be opened directly via browser, e.g.

    http://mysite.com/wp-content/themes/default/header.php

    the host doesn’t have the server set up to process php files other than the index.php

    So, what must I do?

    Kick their a$$…
    Ask your money back…
    Get a decent host…

    – I can’t really think of other options.

    Thread Starter diabolus

    (@diabolus)

    moshu,

    OK, I’ll kick the ass and the brain of my host staff!

    …I’ll give the report 🙂

  • The topic ‘All PHP File Can Be Opened Directly’ is closed to new replies.
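
The thread turns on whether the server executes the theme's PHP files or returns them as text. The following is an added example, not part of the original thread: a check a site owner can run against their own site to tell those cases apart. The function names and the sample responses are constructed for illustration.

```python
import re
import urllib.error
import urllib.request

# An unexecuted template still contains PHP open tags; the output of a
# processed one does not. "<?xml" is deliberately not matched, and bare "<?"
# short tags are not covered by this sketch.
PHP_TAG = re.compile(r"<\?(?:php\b|=)", re.IGNORECASE)

def classify(status, body):
    """Classify the response to a direct request for a theme .php file."""
    if status in (401, 403, 404):
        return "blocked"
    if PHP_TAG.search(body):
        return "source-disclosed"      # server sent the file as plain text
    if status >= 500 or "Fatal error" in body:
        return "executed-with-error"   # PHP ran; template failed outside WordPress
    return "executed"

def check_url(url, timeout=10):
    """Fetch one URL on a site you administer and classify it (needs network)."""
    req = urllib.request.Request(url, headers={"User-Agent": "theme-php-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, resp.read(65536).decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        return classify(err.code, err.read(65536).decode("utf-8", "replace"))

# Constructed sample responses, not captured from any real site.
SAMPLES = {
    "raw source": (200, '<title><?php bloginfo("name"); ?></title>\n<?php wp_head(); ?>'),
    "php executed": (200, "<b>Fatal error</b>: Call to undefined function get_header()"),
    "denied": (403, "<h1>Forbidden</h1>"),
    "xml feed": (200, '<?xml version="1.0"?><rss></rss>'),
}

def run_samples():
    """Classify every constructed sample and return {name: verdict}."""
    return {name: classify(*resp) for name, resp in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:13} -> {verdict}")
```

A "source-disclosed" verdict matches what the thread starter describes; "executed-with-error" is what a correctly configured host normally returns for a template requested outside WordPress.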