Do I need an .htaccess file in the /wp-content or /themes folder?

  • This is my situation: when I directly access a .php file in my theme folder (e.g. domain.com/wp-content/themes/mytheme/page.php) a PHP fatal error gets displayed with the name of the function and the full directory of the file calling the function. My questions about this:

    • Is this a big security hole?
    • Should I use .htaccess to prevent any kind of direct access or should I use the ABSPATH code snippet instead?

    Also, I work with a team of devs that have a weird versioning system – they rename old PHP files by adding a version at the end of the file, after the .php extension, thus exposing the whole file to someone who may guess its name. How can I prevent access to these files as well? I’ve renamed most of them and have instructed them to not use this system, but I wonder – how big of a security hole is this (names can’t be guessed easily) and how can I prevent access to these files as well without hindering WordPress in any way?

    Thanks!
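Added example, not part of the original post: a small audit script for the two conditions described above, which lists files carrying a suffix after `.php` (the renamed copies the post says are exposed in full) and `.php` files with no `defined('ABSPATH')` check near the top. The function names, the suffix pattern and the sample theme tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# ".php" followed by a further suffix (page.php.v2, page.php_old, page.php~):
# the name no longer ends in .php, which is the renaming scheme the post describes.
VERSIONED_PHP = re.compile(r"\.php[._~-].*$", re.IGNORECASE)
# The ABSPATH direct-access check: defined('ABSPATH') near the top of the file.
ABSPATH_GUARD = re.compile(r"defined\s*\(\s*['\"]ABSPATH['\"]\s*\)")

def audit_tree(root, head_bytes=2048):
    """Return (renamed_copies, unguarded_php) as sorted paths relative to root."""
    renamed, unguarded = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if VERSIONED_PHP.search(name):
                renamed.append(rel)
            elif name.lower().endswith(".php"):
                # Only the head of the file is read; the guard belongs at the top.
                with open(full, "rb") as fh:
                    head = fh.read(head_bytes).decode("utf-8", "replace")
                if not ABSPATH_GUARD.search(head):
                    unguarded.append(rel)
    return sorted(renamed), sorted(unguarded)

def build_sample_theme(root):
    """Write a constructed sample tree (hypothetical file names and contents)."""
    files = {
        "mytheme/page.php": "<?php\nget_header();\n",
        "mytheme/functions.php": "<?php\nif ( ! defined( 'ABSPATH' ) ) { exit; }\n",
        "mytheme/page.php.v2": "<?php\nget_header(); // old copy\n",
        "mytheme/inc/helpers.php_old": "<?php // old copy\n",
        "mytheme/style.css": "/* theme */\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)

def run_demo():
    """Build the sample tree in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_theme(root)
        return audit_tree(root)

if __name__ == "__main__":
    renamed, unguarded = run_demo()
    print("suffix after .php:", renamed)
    print("no ABSPATH check:", unguarded)
```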
