Does no answer mean there is NO support for this plugin???
@pete
According to the FAQ section in the readme.txt:
= Where can I get help if something goes wrong? =
* Official support for this plugin is available for iThemes Security Pro customers. Our team of experts is ready to help.
Free support may be available with the help of the community in the WordPress.org support forums (Note: this is community-provided support. iThemes does not monitor the WordPress.org support forums).
dwinden
@pete
Have you tried accessing the file directly instead of the folder ?
For example. Let’s say you saved an image named test.jpg in the wp-content/uploads/2016/03 folder.
Try and access the file directly like this:
http://www.domain.com/wp-content/uploads/2016/03/test.jpg
Let me know if you specifically need access to the folder to browse its content.
dwinden
yes i have and i get blocked.
Have to turn off ITS to get the file
@pete
You mean deactivate the iTSec plugin (=turn off ITS).
Direct file access works fine in my test env.
When I try to access the folder I get:
Forbidden
You don’t have permission to access /wp-content/uploads/2016/03/ on this server
Which is a 403 status code and not a 404 (page not found).
Seems like we are missing a piece of the puzzle.
Anyway there is only one iTSec plugin setting that may be related.
If enabled try and disable the Directory Browsing setting in the System Tweaks section of the iTsec plugin Settings page.
dwinden
@pete
Correction. There is another iTSec plugin setting that seems to have an unexpected side effect.
If you also have the Disable PHP in Uploads setting enabled try and disable it.
After disabling both (System Tweaks section) settings I was able to access and browse the folder. No more 403.
dwinden
Yes I disabled the whole plugin.
But have found that if I untick the Disable Directory Browsing then I can see the particular directory I am wanting to see.
However I can see EVERY other directory ( that doesnt have an index.php file) also which I dont want..
There must be a way to allow one directory to be viewed via a URL link.
I guess if ITS dont want to help out in here then I am stuck or looking at another plugin that will allow me to do the job
@pete
Yes I disabled the whole plugin.
But have found that if I untick the Disable Directory Browsing then I can see the particular directory I am wanting to see.
However I can see EVERY other directory ( that doesnt have an index.php file) also which I dont want..
Ok, so unticking the iTSec plugin Disable Directory Browsing setting turns out to be the answer to the question you initially opened this topic for. Right ?
So that answer/solution warrants this topic to be marked as ‘resolved’. Right ?
However when the Disable Directory Browsing setting is unticked you can see EVERY other directory ( that doesnt have an index.php file) also (which I think is another issue).
Apparently your Apache web server main configuration file includes by default:
Options Indexes
Which is weird because it is not a secure thing to do.
Anyway this has nothing to do with the iTSec plugin.
To get what you want you’ll probably need to:
– Enable the iTSec plugin Disable Directory Browsing setting.
– And manually create a .htaccess file in the single folder you want to give access to and include the following line:
Options +Indexes
I tested the above and it works fine.
I guess if ITS dont want to help out in here then I am stuck or looking at another plugin that will allow me to do the job
iThemes could not care less …
(Note I’m not an iThemes employee …)
According to the FAQ section in the plugin readme.txt file:
= Where can I get help if something goes wrong? =
* Official support for this plugin is available for iThemes Security Pro customers. Our team of experts is ready to help.
Free support may be available with the help of the community in the WordPress.org support forums (Note: this is community-provided support. iThemes does not monitor the WordPress.org support forums).
So if you don’t mind please mark this (and the other older) topic as ‘resolved’.
dwinden
no it is NOT solved.
The first line in my first post says
“How can I give access to one folder within my site.”
thats ONE directory…
If I tick the tick out of Disable Directory Browsing then every folder that does not automatically have a index.php file in it can be viewed
I guessed your not an employee of ITS, but to tell me to make this resolved when it isnt, sure sounds like you are trying to make ITS look good because all the posts are marked as Resolved…
@pete
And the other topic ?
I tested my solution and it works in my test env …
Anyway it not an iTSec plugin issue but a standard web server access configuration issue.
I think I’ve been pretty helpful pointing out the iTSec plugin settings that you should be aware of.
If I tick the tick out of Disable Directory Browsing then every folder that does not automatically have a index.php file in it can be viewed
You need to tick the Disable Directory Browsing setting. Not untick.
I guess we are both not good readers … 😉
Ok, so according to you I’m trying to make the iTSec plugin look good …
Well actually the iTSec plugin is crap. It does NOT protect your website. I would NEVER EVER use it on a live website … and iThemes sucks. So how does that sound ?
dwinden
I made 1 mistake in my wording
If I TAKE the tick out of Disable Directory Browsing then every folder that does not automatically have a index.php file in it can be viewed
So as far as I see. using ITS to protect my site works, ( somewhat) but I should be able to make 1 small change and give access to ONE folder. But no.
ITS locks it ALL down or leaves it ALL open..
For someone who doesnt like ITS, you sure spend a lot of time trying to solve a lot of ITS errors.
Anyway ITS is lacking and Staff dont care
So thats it for me..
@pete
So as far as I see. using ITS to protect my site works, ( somewhat) but I should be able to make 1 small change and give access to ONE folder. But no.
Yes, you can. But don’t look for a solution in the iTSec plugin.
You’ve learned which 2 iTSec plugin settings affect file/folder access and
now you only need to shift your attention towards webserver config.
Using an extra .htaccess file with proper content in the folder you want to give access to should do the trick.
If you can’t get it to work on your hosting env don’t give up and contact your hosting provider. If they can’t assist you with such a basic web server task look out for a different hosting provider.
Oh and spending some of my time in this forum helps me learn new things. It doesn’t necessarily mean I like the plugin in its current form …
That said this security plugin does seem to have some potential. It just needs some extra effort to iron out a shit load of bugs …
Don’t forget about the other topic … 😉
dwinden
This one.
It only got updated 6 times last week … you did not notice ?
dwinden
