WordPress.org

Forums

"Silence is Golden"--- Strange "index.php" file shows up in "wp-content" folder (9 posts)

  1. AlamoBill
    Member
    Posted 9 years ago #

    This may just be my ignorance, but I was rummaging around in my WordPress directory and ran across an index.php file in my wp-content directory. There's nothing inside it except the remark "Silence is golden."

    It may just be a cute file created by the upgrade, install routine, or a plugin, but I did a text search on the whole wordpress directory and didn't find a text string with "silence is golden" anywhere. That makes me think the unexpected appearance of the file could be a subtle sign of malicious hacking.

    Anyone have a similar file/experience?

    Thanks,

    bill b
    http://historeo.com/wordpress

  2. CarolineG
    Member
    Posted 9 years ago #

    That file is supposed to be there.
    I have it on my machine in the folder I uploaded to my website, came right out of the zip.
    So no worries about hacking!

  3. Mark (podz)
    Support Maven
    Posted 9 years ago #

    Edited:
    It IS there....... and it is part of the package.
    Hmmm.......

  4. BillB
    Member
    Posted 9 years ago #

    Thanks so much for the quick replies.

    ...curious though that I unpacked the latest install package and did a text search on the contents of the files in the wordpress directory and didn't find the "Silence is golden" string.

    Probably a mistake on my part.

    Thanks again,

    bill b
    http://historeo.com/wordpress

  5. iand
    Member
    Posted 9 years ago #

    I am guessing it is to stop people seeing if there are any extra folders in wp-content (writable ones??)

  6. mniepert
    Member
    Posted 9 years ago #

    The problem is that for the "upload picture" function to work correctly (PHP as apache module), the wp-content folder has to have permissions set to 777. Putting this file there prevents people from browsing the directory which is especially dangerous in this case. It helps a bit but doesn't change the fact that permissions set to 777 within the www-root is a security issue...

  7. kickass
    Member
    Posted 9 years ago #

    mniepert, there is a plugin called iimage that will allow uploads without setting a 777 on the wp-content folder (which is an EXTREMELY bad idea for all you noobs who wanna upload images or back up your database and find you need to set that stupid INSECURE permission to use the utility. Advice- learn to use phpmyadmin instead, and get the iimage plugin.)

  8. vkaryl
    Member
    Posted 9 years ago #

    And there's an alternative for those who really don't want to deal with phpmyadmin for backups: ask you host to backup your database - most "real, decent" hosts will be happy to help you out with this.

    Caveat: if you're using yahoo or godaddy, they're not going to help - and in fact they're not even going to answer your mail requesting this. Get a REAL host. You get what you pay for....

  9. pgale
    Member
    Posted 8 years ago #

    I know this is an old discussion, but I just found a theme with this same rouge file. It does NOT prevent the wp-content folder from being seen. Quite the contrary, I just did a site check on a recent blog I installed and the entire plugins folder IS indexed with this particular theme and also a separate blog with the same theme.

    I checked a different WP theme blog and no indexing of these folders that shouldn't be indexed in the first place.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags