All PHP File Can Be Opened Directly

  • Hi…

    I’ve upgraded from wp 2.3 to wp 2.3.1, but now, all php files of the themes, kubrick/default, and other wp themes on my “Themes” folder, can be accessed directly via a browser. I don’t know why.

    I’ve tried to fix it using some ways/tricks, like the tricks written by Mike: Securing PHP Include Files, also tricks using .htaccess Deny Access to No Referrer Requests, and using a blank index.php (I put it in each folder » images « of each theme), but unfortunately these php files can still be accessed directly.

    In my .htaccess (root folder) there’s only :

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    I copied it from the “Permalink” box in my wp-admin panel. And there’s Options -Indexes also in that .htaccess.

    So, I need help before I go crazy!

Viewing 8 replies - 1 through 8 (of 8 total)
  • whooami

    (@whooami)

    Member

    Where? Give us an example of what you are seeing. A link to a page that you are having this supposed problem with.

    Jeremy Clark

    (@jeremyclark13)

    Member

    It sounds like your server has directory browsing turned on. Try adding this to the end of your .htaccess file:

    Options -Indexes

    If that doesn’t work, ask your host to turn it off.

    whooami, thanks for the reply. I mean, every time I try to open/access a php file of my wp theme via a browser, I see the full code/content of that php file. For example, when I enter http://mysite.com/wp-content/themes/default/header.php, I see all the code/content of that header.php file 🙁

    Is there a way to block direct access to it?

    whooami

    (@whooami)

    Member

    I know what you are saying. I didn’t ask you to repeat your post – I asked for a page. SHOW ME.

    Options -Indexes will not solve what he/she is describing, if, in fact, it is occurring.

    Jeremy Clark

    (@jeremyclark13)

    Member

    kubrick/default, and other wp themes on my “Themes” folder, can be accessed directly via a browser.

    Sounded like directory browsing was turned on.

    After the second reply this is not what I thought they were talking about. It sounds like the host doesn’t have the server set up to process php files other than the index.php.

    Sounded like directory browsing was turned on.

    You’re absolutely right, people can’t browse my themes folder, because it is turned off; I used Options -Indexes in my htaccess.

    What I’m saying is that the header.php or index.php of my themes can be opened directly via a browser, e.g.

    http://mysite.com/wp-content/themes/default/header.php

    the host doesn’t have the server set up to process php files other than the index.php

    So, what must I do?

    Kick their a$$…
    Ask your money back…
    Get a decent host…

    – I can’t really think of other options.

    moshu,

    OK, I’ll kick the ass and the brain of my host staff!

    …I’ll give the report 🙂
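
    The symptom discussed in this thread (a theme file such as header.php coming back as PHP source instead of being executed) can be checked for mechanically on a site you administer. The Python below is an added example, not code from the thread or from WordPress; the function names and the sample responses are constructed for illustration.

```python
import re
import sys
import urllib.error
import urllib.request

# A literal PHP open tag in the response body means the server sent the file
# as text instead of running it. "<?xml" is deliberately not matched.
PHP_OPEN_TAG = re.compile(r"<\?(?:php\b|=|\s)", re.IGNORECASE)

def classify_response(status, body):
    """Classify one HTTP response to a direct request for a .php file."""
    if status in (401, 403, 404):
        return "blocked"            # the server refused to serve the file at all
    if PHP_OPEN_TAG.search(body):
        return "source-exposed"     # raw PHP reached the client
    return "executed"               # PHP ran (a fatal error still leaks no source)

def exposed_paths(responses):
    """responses: {path: (status, body)} -> sorted paths that leak source."""
    return sorted(p for p, (status, body) in responses.items()
                  if classify_response(status, body) == "source-exposed")

def fetch(url):
    """Fetch a URL on a site you administer; returns (status, body)."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status, resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read(65536).decode("utf-8", "replace")

# Constructed sample responses (not captured from any real site).
SAMPLE = {
    "/wp-content/themes/default/header.php":
        (200, '<html <?php language_attributes(); ?>>\n<title><?php bloginfo("name"); ?></title>'),
    "/wp-content/themes/default/footer.php":
        (200, "<b>Fatal error</b>: Call to undefined function get_num_queries()"),
    "/wp-content/themes/default/index.php": (403, "Forbidden"),
    "/feed/": (200, '<?xml version="1.0" encoding="UTF-8"?><rss></rss>'),
}

if __name__ == "__main__":
    if len(sys.argv) > 1:           # live check: pass URLs on your own site
        for url in sys.argv[1:]:
            print(url, classify_response(*fetch(url)))
    else:
        print(exposed_paths(SAMPLE))
```

    A "Fatal error" page for a directly requested theme file is the healthy outcome here: it shows the PHP handler ran, whereas a visible `<?php` tag shows the host is serving the file as plain text.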
