Do you have this line in your .htaccess file?
ErrorDocument 404 /wordpress/index.php?error=404
Thread Starter
weeble
(@weeble)
Now I do :0
But now how do I protect my WP folders ? (wp-content, wp-ugins, etcc..)
Could I redirect users when they try to go these directories?
Also how I can change /wp-admin to something else, like /admin
thanks
Whatever you do, don’t do anything to “secure” wp-admin. It’s already secure. Anyone attempting to access the directory will be sent to a login page. Now, for the rest …
Either add an index.php to the directories with only the following line in it (all on one line):
<?php header('Location: http://www.example.com/wordpress/index.php'); ?>
Or, add this to a .htaccess file in each of those directories:
Options All -Indexes
The index.php file will do a redirect to what ever domain you specify, and the .htaccess file will issue a 403 Access Denied error. Again, do not modify /wp-admin/ with either of these files.
It seems that when not logged in, o another another computer or whatever, you can view the contents of my wp directories… they do not have htaccess files in them, so i tried putting the one from my main dir in them but this does not help… perhaps because the one from my main directory appears to have nothing in it?
I really dont know how these things work but can someone tell me how to secure my directories?
Thanks very much.
Just because you can get a directory listing does not mean they are not secure. If you don’t want a list in any of your directories put:
Options -Indexes
in your root .htaccess file or put an index file in each directory you want to deny a directory listing (or an htaccess file with the above line)
.
Ok… but my htaccess file in the root contains NOTHING… is this correct?
I will add options -indexes… I guess I just type it on line one and then leave a line after? Like..
‘options -indexes’
heh.
Yeah?
(Thanks very much for the info)
