Support » Fixing WordPress » how do i stop people viewing my wp-content folder?

  • I had to set the permissions to 7777 so that i can upload to it images.. but im noticing now that if i got o my folder like everything is viewable and accessible .. what do i change the permissions to so that it cant be viewed or accessed.. but images can still be uploaded?

Viewing 10 replies - 1 through 10 (of 10 total)
  • Moderator James Huff


    Volunteer Moderator 🚀

    Mark (podz)


    Support Maven

    Open Notepad
    press space once
    save as ‘index.html’
    upload to /wp-content

    Check wp-includes and others. if they have the same problem, upload that blank index again.

    You can also add this line :

    <META HTTP-EQUIV=Refresh CONTENT=”0;”>

    to what Podz said , like this Whenever they try to access this page they will be automatically redirected to your blog link .

    once this is done does that mean i can leave my folder on 7777? for editing purposes.. so i dont have to keep going in and setting permissions?

    Yep, leave the permissions at 777. No need to change that. 666 will probably do though as I don’t think anything needs execute permissions.

    And my personal preference for disabling folder listings is to edit your .htaccess file and add this:

    Options -Indexes

    That’ll give people a 403 error if they try to view the contents of a folder with no index file. You can even make it so that people will get redirected to your blog if they get a 403:

    ErrorDocument 403

    Make a .htaccess file in wp-content and put that there if you only want that folder (and it’s children) to have file listing off rather than your entire site.




    ugh, some ppl just never learn.. shiner, can you even explain WHY you think you need the SUID AND SGID bits set? Or do you even know what you just suggested?

    Since no-one else reads or just doesnt know.. 7777 is THE ABSOLUTELY WORST PERMISSION YOU CAN ASSIGN TO ANYTHING.


    Its not enough to use a simple blog, folks have to turn themselves into Jr. UNIX sysadmins while theyre at it. No matter, that they have no fricken clue what they are doing.

    Why not use the permissions that are NECESSARY for the blog to function properly and contribute to a safer internet for all of us? (Purely rhetorical question)


    And for the record, Viper007Bond, a directory needs to be 0755. executable bits assigned to directorys arent to make the directory “executable” they make them ACCESSABLE

    Lessons in UNIX permissions:

    Podz and Chaaban – Thanks I did that and learned something new – works perfectly.

    Whooami – now don’t go ranting (I am a beginner)at me but do you at least agree with this ? Thanks

    Mark (podz)


    Support Maven

    The only issue with the link above – which is mine – is the 666 files.

    Ideally, you would chmod those to 644 if you are not writing to them (if your theme is stable).
    Some hosts allow the owner to write to those files when they are 644 anyway (my host does)

    But I have come across hosts who require many files to be 777 – there is only one response to that – Move host.

    I think I’m right – but am ready to be corrected – that the list above is the maximum permissions.




    febwa1976, what podz said 🙂

    again, I want to point out that a chmod 7777 is NOT the same as a chmod 0777 aka chmod 777 — I can only hope that what shiner wrote was a typo, and that other people that might read this thread do not follow his example. Thats a disaster waiting to happen.

    whooami / podz, thanks for the clarification and the learning. So far my site works at 644 for the theme files.

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘how do i stop people viewing my wp-content folder?’ is closed to new replies.