Support » Themes and Templates » server file system path showing through browser from theme directory

  • Resolved dancer

    (@dancer)


    As I was reading this current thread, http://wordpress.org/support/topic/231693 , I noticed that if you click on the theme directory link, anyone can view what themes you have uploaded, and then further, if you click on a theme folder, an error message will show through the browser which contains the file system path from your server.

    This is a privacy issue as a Web site owner may not want his server login name to be publicly viewable via the error message displaying something like /home/username/wordpress/wp-content/themes/theme-name/.

    Does anyone know how to make it so that none of these types of error messages show for any possible URL accessing WordPress?

Viewing 4 replies - 1 through 4 (of 4 total)
  • I believe one method to prevent that, is to place an entry in your .htaccess file. Place this at the top of the file…

    Options -Indexes

    I think that should prevent casual directory browsing.

    [Edit] 🙂

    Thread Starter dancer

    (@dancer)

    I found that this occurs when in php.ini

    display_errors = On

    On shared hosting, not having access to the main php.ini file, one can put a php.ini file in one’s root www directory with

    display_errors = Off

    and put in the .htaccess file

    SetEnv PHPRC path-to-root

    Thread Starter dancer

    (@dancer)

    P.S. php.ini does not inherit so you’d have to copy the original php.ini and make the changes you want. Also, I guess the php.ini file doesn’t actually have to be in the www directory and probably better not to.

    Your concern obviously went deeper than just the casual browsing of directories. Glad you got it sorted out!

    🙂

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘server file system path showing through browser from theme directory’ is closed to new replies.