What files are you trying to block? Or more to the point — why do you think you need to do this?
Well I thought it might be a good idea that people would not be able to browse the core files. I suppose that they might be able to gather personal information or no? I have never seen it where one would have access to core files like this. I mean you could browse any directory and download, save and read anything. If I am incorrect let me know.
Thanks,
Matt
No, that’s not how PHP works (you cannot view the source of PHP script from within your browser), not to mention, none of the data of your site is stored in any file. It’s all in your database.
Stop worrying. Don’t you think that if it was a problem, we woulda done something about it? 😉
Viper is correct, your fears, while understandable, are unnecessary. PHP files are processed by, well, PHP before the output is sent to the client requesting whatever it is. So, basically, people won’t see the source unless you allow them to.
You can sleep easy, for tonight is not the night that people will hack your gibson.
Thanks for the info. I have a PHP based internet store and that blocks any access to any file by default. That is what sparked my interest in the lack of such protection. Thank you though.
Matt
I think Viper may have misunderstood me. You can actually goto my site and download any core file. http://www.mattstamp.com/weblog/
This is what I am talking about. Not how the PHP is processed.
For all that may come across this I have found my answer.
Make an .htaccess file and the only thing that is needed is:
IndexIgnore */*
This will make directories look empty when people browse them.
The only directory I have seen to be browse-able is the base directory of wordpress.
