WordPress.org

Ready to get started?Download WordPress

Forums

A bit more security (10 posts)

  1. oweb
    Member
    Posted 1 year ago #

    Hello,

    I would like to securise a bit more my website.
    In directories like wp-content, there's a index.php file with "nothing" inside.
    Do you think (and how to do) it's possible to add code in this index.php file to generate a 404 error page?

  2. Krishna
    Volunteer Moderator
    Posted 1 year ago #

    Did you edit the index.php file? Try replacing with a fresh copy and see if 404 pages are generated again.

    Read: http://codex.wordpress.org/Hardening_WordPress

  3. oweb
    Member
    Posted 1 year ago #

    This is the orginal code...

    <?php
    // Silence is golden.
    ?>
  4. Krishna
    Volunteer Moderator
    Posted 1 year ago #

    Site URL?

  5. oweb
    Member
    Posted 1 year ago #

  6. OurWebSupport
    Member
    Posted 1 year ago #

    Why do you want to change this file? having this file in the folder prevents visitors from randomly seeing a list of your files in the folder. Are you experiencing a problem with visitors accessing your site?

  7. oweb
    Member
    Posted 1 year ago #

    It's easy to understand is based on WP CMS when somenone find a directory wp-ABC ... so it could be interesting to add a fake 404 error page.

    Maybe it's not the best way, but I would like more security...

  8. Krishna
    Volunteer Moderator
    Posted 1 year ago #

    It seems what you reproduced above is the replaced code. Check what you have in your original index.php file after downloading a fresh copy of your theme.

  9. I would like to securise a bit more my website.

    Okay.

    Do you think (and how to do) it's possible to add code in this index.php file to generate a 404 error page?

    Don't edit those empty (or small) files that came with WordPress. You'll lose the changes at the next update.

    You can try to use .htaccess redirects to a 404 code with specific URLs you can give that a try but that may break things in your WordPress installation.

    Maybe it's not the best way, but I would like more security...

    This comes up often the idea of security via obscurity. It 100% doesn't work and could make your installation difficult or impossible for you to support.

    The security is in the code being run and attempting to disguise your installation does not make you any more secure.

    It's like closing your eyes and hoping Bad People™ don't see you. Same logic. ;)

  10. oweb
    Member
    Posted 1 year ago #

    thank you very much for replies!

Topic Closed

This topic has been closed to new replies.

About this Topic