“Silence is Golden”— Strange “index.php” file shows up in “wp-content” folder

  • AlamoBill

    (@alamobill)


    18 years, 3 months ago

    This may just be my ignorance, but I was rummaging around in my WordPress directory and ran across an index.php file in my wp-content directory. There’s nothing inside it except the remark “Silence is golden.”

    It may just be a cute file created by the upgrade, install routine, or a plugin, but I did a text search on the whole wordpress directory and didn’t find a text string with “silence is golden” anywhere. That makes me think the unexpected appearance of the file could be a subtle sign of malicious hacking.

    Anyone have a similar file/experience?

    Thanks,

    bill b
    http://historeo.com/wordpress

Viewing 8 replies - 1 through 8 (of 8 total)
  • CarolineG

    (@carolineg)

    18 years, 3 months ago

    That file is supposed to be there.
    I have it on my machine in the folder I uploaded to my website, came right out of the zip.
    So no worries about hacking!

    Mark (podz)

    (@podz)

    18 years, 3 months ago

    Edited:
    It IS there……. and it is part of the package.
    Hmmm…….

    BillB

    (@billb)

    18 years, 3 months ago

    Thanks so much for the quick replies.

    …curious though that I unpacked the latest install package and did a text search on the contents of the files in the wordpress directory and didn’t find the “Silence is golden” string.

    Probably a mistake on my part.

    Thanks again,

    bill b
    http://historeo.com/wordpress

    iand

    (@iand)

    18 years, 3 months ago

    I am guessing it is to stop people seeing if there are any extra folders in wp-content (writable ones??)

    mniepert

    (@mniepert)

    18 years, 3 months ago

    The problem is that for the “upload picture” function to work correctly (PHP as apache module), the wp-content folder has to have permissions set to 777. Putting this file there prevents people from browsing the directory which is especially dangerous in this case. It helps a bit but doesn’t change the fact that permissions set to 777 within the www-root is a security issue…

    kickass

    (@kickass)

    18 years, 3 months ago

    mniepert, there is a plugin called iimage that will allow uploads without setting a 777 on the wp-content folder (which is an EXTREMELY bad idea for all you noobs who wanna upload images or back up your database and find you need to set that stupid INSECURE permission to use the utility. Advice- learn to use phpmyadmin instead, and get the iimage plugin.)

    vkaryl

    (@vkaryl)

    18 years, 3 months ago

    And there’s an alternative for those who really don’t want to deal with phpmyadmin for backups: ask you host to backup your database – most “real, decent” hosts will be happy to help you out with this.

    Caveat: if you’re using yahoo or godaddy, they’re not going to help – and in fact they’re not even going to answer your mail requesting this. Get a REAL host. You get what you pay for….

    pgale

    (@pgale)

    17 years, 3 months ago

    I know this is an old discussion, but I just found a theme with this same rouge file. It does NOT prevent the wp-content folder from being seen. Quite the contrary, I just did a site check on a recent blog I installed and the entire plugins folder IS indexed with this particular theme and also a separate blog with the same theme.

    I checked a different WP theme blog and no indexing of these folders that shouldn’t be indexed in the first place.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘“Silence is Golden”— Strange “index.php” file shows up in “wp-content” folder’ is closed to new replies.

Tags