As I was reading this current thread, http://wordpress.org/support/topic/231693 , I noticed that if you click on the theme directory link, anyone can view what themes you have uploaded, and then further, if you click on a theme folder, an error message will show through the browser which contains the file system path from your server.
This is a privacy issue as a Web site owner may not want his server login name to be publicly viewable via the error message displaying something like /home/username/wordpress/wp-content/themes/theme-name/.
Does anyone know how to make it so that none of these types of error messages show for any possible URL accessing WordPress?
ClaytonJames
Member
Posted 3 years ago #
I believe one method to prevent that, is to place an entry in your .htaccess file. Place this at the top of the file...
Options -Indexes
I think that should prevent casual directory browsing.
[Edit] :-)
I found that this occurs when in php.ini
display_errors = On
On shared hosting, not having access to the main php.ini file, one can put a php.ini file in one's root www directory with
display_errors = Off
and put in the .htaccess file
SetEnv PHPRC path-to-root
P.S. php.ini does not inherit so you'd have to copy the original php.ini and make the changes you want. Also, I guess the php.ini file doesn't actually have to be in the www directory and probably better not to.
ClaytonJames
Member
Posted 3 years ago #
Your concern obviously went deeper than just the casual browsing of directories. Glad you got it sorted out!
:-)
dancer