WordPress.org

Ready to get started?Download WordPress

Forums

how do i stop people viewing my wp-content folder? (11 posts)

  1. shiner25
    Member
    Posted 8 years ago #

    I had to set the permissions to 7777 so that i can upload to it images.. but im noticing now that if i got o my folder like

    domain.com/wp-content/ everything is viewable and accessible .. what do i change the permissions to so that it cant be viewed or accessed.. but images can still be uploaded?

  2. Mark (podz)
    Support Maven
    Posted 8 years ago #

    Open Notepad
    press space once
    save as 'index.html'
    upload to /wp-content

    Check wp-includes and others. if they have the same problem, upload that blank index again.

  3. chaaban
    Member
    Posted 8 years ago #

    You can also add this line :

    <META HTTP-EQUIV=Refresh CONTENT="0; URL=your-blog-link.com/">

    to what Podz said , like this Whenever they try to access this page they will be automatically redirected to your blog link .

  4. shiner25
    Member
    Posted 8 years ago #

    once this is done does that mean i can leave my folder on 7777? for editing purposes.. so i dont have to keep going in and setting permissions?

  5. Yep, leave the permissions at 777. No need to change that. 666 will probably do though as I don't think anything needs execute permissions.

    And my personal preference for disabling folder listings is to edit your .htaccess file and add this:

    Options -Indexes

    That'll give people a 403 error if they try to view the contents of a folder with no index file. You can even make it so that people will get redirected to your blog if they get a 403:

    ErrorDocument 403 http://www.yourblog.com/blah/

    Make a .htaccess file in wp-content and put that there if you only want that folder (and it's children) to have file listing off rather than your entire site.

  6. whooami
    Member
    Posted 8 years ago #

    ugh, some ppl just never learn.. shiner, can you even explain WHY you think you need the SUID AND SGID bits set? Or do you even know what you just suggested?

    Since no-one else reads or just doesnt know.. 7777 is THE ABSOLUTELY WORST PERMISSION YOU CAN ASSIGN TO ANYTHING.

    //rant

    Its not enough to use a simple blog, folks have to turn themselves into Jr. UNIX sysadmins while theyre at it. No matter, that they have no fricken clue what they are doing.

    Why not use the permissions that are NECESSARY for the blog to function properly and contribute to a safer internet for all of us? (Purely rhetorical question)

    rant//

    And for the record, Viper007Bond, a directory needs to be 0755. executable bits assigned to directorys arent to make the directory "executable" they make them ACCESSABLE

    Lessons in UNIX permissions:

    http://www.perlfect.com/articles/chmod.shtml

  7. febwa1976
    Member
    Posted 8 years ago #

    Podz and Chaaban - Thanks I did that and learned something new - works perfectly.

    Whooami - now don't go ranting (I am a beginner)at me but do you at least agree with this

    http://www.tamba2.org.uk/wordpress/chmod/ ? Thanks

  8. Mark (podz)
    Support Maven
    Posted 8 years ago #

    The only issue with the link above - which is mine - is the 666 files.

    Ideally, you would chmod those to 644 if you are not writing to them (if your theme is stable).
    Some hosts allow the owner to write to those files when they are 644 anyway (my host does)

    But I have come across hosts who require many files to be 777 - there is only one response to that - Move host.

    I think I'm right - but am ready to be corrected - that the list above is the maximum permissions.

  9. whooami
    Member
    Posted 8 years ago #

    febwa1976, what podz said :)

    again, I want to point out that a chmod 7777 is NOT the same as a chmod 0777 aka chmod 777 -- I can only hope that what shiner wrote was a typo, and that other people that might read this thread do not follow his example. Thats a disaster waiting to happen.

  10. febwa1976
    Member
    Posted 8 years ago #

    whooami / podz, thanks for the clarification and the learning. So far my site works at 644 for the theme files.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.