WordPress.org

Support

Support » How-To and Troubleshooting » A bit more security

A bit more security

  • Hello,

    I would like to securise a bit more my website.
    In directories like wp-content, there’s a index.php file with “nothing” inside.
    Do you think (and how to do) it’s possible to add code in this index.php file to generate a 404 error page?

Viewing 9 replies - 1 through 9 (of 9 total)
  • Krishna

    @1nexus

    Member

    Did you edit the index.php file? Try replacing with a fresh copy and see if 404 pages are generated again.

    Read: http://codex.wordpress.org/Hardening_WordPress

    This is the orginal code…

    <?php
    // Silence is golden.
    ?>

    Krishna

    @1nexus

    Member

    Site URL?

    OurWebSupport

    @ourwebsupport

    Why do you want to change this file? having this file in the folder prevents visitors from randomly seeing a list of your files in the folder. Are you experiencing a problem with visitors accessing your site?

    It’s easy to understand is based on WP CMS when somenone find a directory wp-ABC … so it could be interesting to add a fake 404 error page.

    Maybe it’s not the best way, but I would like more security…

    Krishna

    @1nexus

    Member

    It seems what you reproduced above is the replaced code. Check what you have in your original index.php file after downloading a fresh copy of your theme.

    Moderator Jan Dembowski

    @jdembowski

    I would like to securise a bit more my website.

    Okay.

    Do you think (and how to do) it’s possible to add code in this index.php file to generate a 404 error page?

    Don’t edit those empty (or small) files that came with WordPress. You’ll lose the changes at the next update.

    You can try to use .htaccess redirects to a 404 code with specific URLs you can give that a try but that may break things in your WordPress installation.

    Maybe it’s not the best way, but I would like more security…

    This comes up often the idea of security via obscurity. It 100% doesn’t work and could make your installation difficult or impossible for you to support.

    The security is in the code being run and attempting to disguise your installation does not make you any more secure.

    It’s like closing your eyes and hoping Bad People™ don’t see you. Same logic. 😉

    thank you very much for replies!

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘A bit more security’ is closed to new replies.