Posted 9 months ago #
I just noticed today, on my site if you go to example: "http://your.blog.url/wp-content/uploads/", then it would show a directory listing of all the files in that folder. This might be a security risk (people could steal your data.)
I fixed it by adding a .htaccess file in /wp-content/ with the line:
Options -Indexes
I am not sure if it is just my site, or everyone elses.
But if not done so already, I suggest that this file be added by default.
Not a bug. Just a preference.
This might be a security risk (people could steal your data.)
Well. No. If you've linked to the image in your post, I can get the full URL anyway.
http://yourdomain.com/wp-content/uploads/2011/07/blog_header4.png
See? not that hard :) (I'm not using your real URL, but you get the idea)
Posted 9 months ago #
Thanks for your reply, Ipstenu.
Actually I was thinking that you might not want just anyone to be able to access certain images.
For example, if I created a post with some secret images, and password protected it so that only certain people could view it; some random person online could just go into /wp-content/uploads/ to find it, when I don't want them too.
Disabling indexes makes it harder for them to access that secret image, as they don't know it's URL.
Oh, very true, which is why I always do it. But it's not a bug, still :) Just a personal preference. Same as why I block hotlinking.
You must log in to post.
