WordPress.org

Ready to get started?Download WordPress

Forums

All PHP File Can Be Opened Directly (9 posts)

  1. diabolus
    Member
    Posted 6 years ago #

    Hi...

    I've upgraded from wp 2.3 to wp 2.3.1, but now, all php files of the themes, kubrick/default, and other wp themes on my "Themes" folder, can be accessed directly via a browser. I don't know why.

    I've tried to fix it using some ways/tricks, likes the tricks written by Mike: Securing PHP Include Files , also tricks using .htaccess Deny Access to No Referrer Requests, and using a blank index.php (i put in each folder » images « of each theme) but unfortunately, still these php files still can be accesed directly.

    In my .htaccess (root folder) there's only :

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    I copied from "Permalink" box in my wp-admin panel. And there's Options -Indexes also in that .htaccess

    so, i need help before i go crazy !

  2. whooami
    Member
    Posted 6 years ago #

    where, give us an example of what you are seeing? A link to a page that you are having this supposed problem with..

  3. Jeremy Clark
    Moderator
    Posted 6 years ago #

    It sounds like your server has directory browsing turned on. Try adding this to the end of your .htaccess file

    Options -Indexes

    If that doesn't work ask your host to turn it off.

  4. diabolus
    Member
    Posted 6 years ago #

    whooami, thanks for reply. i mean, when every times i tried to open/access a php file of my wp theme via browser, i seeing the full code/content of that php file, for example: when i entering http://mysite.com/wp-content/themes/default/header.php so i see all code/content of that header.php file :(

    is there a way to block access it directly?

  5. whooami
    Member
    Posted 6 years ago #

    I know what you are saying. I didnt ask you to repeat your post - I asked for a page. SHOW ME.

    Options -Indexes will not solve what he/she is describing, if, in fact, it is occurring.

  6. Jeremy Clark
    Moderator
    Posted 6 years ago #

    kubrick/default, and other wp themes on my "Themes" folder, can be accessed directly via a browser.

    Sounded like directory browsing was turned on.

    After the second reply this is not what I thought they were talking about. It sounds like the host doesn't have the server set up to process php files other than the index.php.

  7. diabolus
    Member
    Posted 6 years ago #

    Sounded like directory browsing was turned on.

    you're absolutely right, people can't browsing my themes folder, cause is turned off, i used Options -Indexes in my htaccess.

    what i saying is the header.php or index.php of my themes can be opened directly via browser, e.g.

    http://mysite.com/wp-content/themes/default/header.php

    the host doesn't have the server set up to process php files other than the index.php

    so, what must i do?

  8. moshu
    Member
    Posted 6 years ago #

    Kick their a$$...
    Ask your money back...
    Get a decent host...

    - I can't really think of other options.

  9. diabolus
    Member
    Posted 6 years ago #

    moshu,

    oke, i'll kick the ass and the brain of my host staff !

    ...i'll give the report :)

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.