20% of the WordPress Blogs expose Upload Directory Open (5 posts)

  1. bkvirendra
    Member
    Posted 4 months ago #

    I guess this is a serious issue; please have a look at it: http://teckzone.in/blog/2012/01/20-of-the-wordpress-blogs-expose-their-indexes-open/

  2. ClaytonJames
    Member
    Posted 4 months ago #

    I would be inclined to argue that the idea behind this article is good, but perhaps confusing and poorly presented. The phrasing/presentation behind the idea could also simply be a matter of languages.

    Uploads is, by default, a directory where you store items that are intended to be web accessible. Anyone with a web browser can view the path to anything in your source, and then download anything they can access. "wget" is also not really a "trick" of any type. It's just another common tool.

    If you are storing sensitive or private items in a directory that is, by design, intended to serve public content for your blog, then any issue of responsibility and security resides solely with you.

    The same behavior can be found to be true of any web accessible directory on any site, using any platform, that has not been guarded against casual browsing and does not contain an 'index' file. It's nothing new.

    This article might be more enjoyably informative if it were titled, "How to prevent casual browsing of your web accessible directories", because that's what it seems to actually be about. It's not really an issue.

    I wouldn't mind seeing how the "20%" calculation was arrived at, though.

  3. fonglh
    Member
    Posted 4 months ago #

    Also, plugins are stored in wp-content/plugins and not the uploads folder.

  4. esmi
    Theme Diva & Forum Moderator
    Posted 4 months ago #

    Added to which, any half-decent hosts (or site owners) would be disabling all directory indexing by default. Bottom line - this isn't a WordPress issue. At most, it's a hosting one.

  5. Ipstenu
    Half-Elf Support Rogue & Mod
    Posted 4 months ago #

    And if the host doesn't, you can do it.

    Put this on the first line of your .htaccess:

    Options -Indexes
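
An added example, not part of the thread and not WordPress code: a local audit of an Apache document root that reports which directories under wp-content/uploads would still be listed, given the index-file and Options -Indexes points made in the posts above. It assumes the server honours .htaccess Options overrides and that index.php, index.html and index.htm are the DirectoryIndex names; the function names are illustrative.

```python
import os
import sys

# Assumption: the server's DirectoryIndex covers these names.
INDEX_FILES = ("index.php", "index.html", "index.htm")


def indexes_setting(htaccess_text, inherited):
    """Apply one .htaccess file's Options lines to the inherited Indexes state.
    True = on, False = off, None = not set here (server config decides)."""
    state = inherited
    for line in htaccess_text.splitlines():
        words = line.split()
        if not words or words[0].lower() != "options":
            continue
        opts = [w.lower() for w in words[1:]]
        if "-indexes" in opts:
            state = False
        elif "+indexes" in opts:
            state = True
        elif any(o[0] not in "+-" for o in opts):
            # Options without +/- replace the inherited set entirely.
            state = "indexes" in opts or "all" in opts
    return state


def listable_dirs(docroot, subdir="wp-content/uploads"):
    """List directories under docroot/subdir that have no index file and no
    .htaccess between docroot and the directory switching Indexes off."""
    findings = []
    for dirpath, _dirs, files in os.walk(os.path.join(docroot, subdir)):
        if any(name in files for name in INDEX_FILES):
            continue
        rel = os.path.relpath(dirpath, docroot)
        state, current = None, docroot
        for part in [""] + rel.split(os.sep):
            current = os.path.join(current, part)
            ht = os.path.join(current, ".htaccess")
            if os.path.isfile(ht):
                with open(ht, encoding="utf-8", errors="replace") as fh:
                    state = indexes_setting(fh.read(), state)
        if state is not False:
            findings.append((rel, "on" if state else "server default"))
    return sorted(findings)


if __name__ == "__main__":
    for path, why in listable_dirs(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: listing {why}")
```

A result of "server default" means no .htaccess on the path sets Indexes either way, so the main server or virtual host configuration decides and should be checked separately.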
