• Is it possible to protect somehow the direct access of the directories from which the cache is served?

    I was checking the logs and it seams like a tap was open and a lot of IPs targeting source files

    wp-content/cache/speedycache/webite.com/assets/---all files---

    My .htaccess prevents direct browsing but not there.. if I am to add a rule in htaccess to prevent direct access to javascript/css and other files the plugin stores the site will not function well even if I do the expectation IP of my website still all in the open… and I feel naked leaving all those files in easy access.
    A bit of security layer would be good.
    Yes, there’s the index.html file in the directory… prevents not displaying the index of files yet as I’ve said…. there’s a leak and IPs are targeting constantly .
    Also, maybe obfuscate the name of the files… I don’t know.
    Maybe it is nothing and it is not a security risk but better safe than sorry I say.

Viewing 1 replies (of 1 total)
  • Plugin Support Vardan

    (@vardan05)

    Hello,

    Thank you for reaching out to us with your concerns.
    The issue you are stating here, the files are meant to be accessed directly as these are just static files which even when if caching is not enabled, are served directly. SpeedyCache just minifies these files and stores them in this folder. And then injects the URL of these files by replacing the URL of the original file.
    And I request you that you create a support thread at https://wordpress.org/support/plugin/speedycache/#new-topic-0 as that would be an appropriate place to discuss this further.

    Regards,
    Vardan

Viewing 1 replies (of 1 total)

The topic ‘Accessible directories – Can become a security risk?’ is closed to new replies.