Plugin Author
gioni
(@gioni)
Hi!
What do you mean by “protecting my WP-includes”? Cerber Security Scanner allows you to monitor files for changes and scan the wp-includes folder for malware.
Hi Gioni,
What I mean is that I’ve seen people (my analytics) accessing these files in my server and not sure why is so easy to access them and see everything in my wp-includes files. Is this normal and safe for anyone just to type the url path to that folder and look around? If is safe and no harm can come from it, then disregard my initial post.
If is not normal nor safe, then please advice on how to go about protecting these files from being accessed so EASY.
Thanks again for your plugin, is awesome!
Plugin Author
gioni
(@gioni)
Unless they are able to delete them, it’s safe because everyone knows what files resides in the wp-includes folder. But, having the ability to view directory listing (browse files) means your web server is not properly configured. For security reasons it’s advised to disable this built-in feature (a module) in the server configuration file.
The easiest way is to add the following string to the .htaccess file that is located in the root folder of your WP installation.
Options -Indexes
In a rare case it might lead to an server error when you try to visit home page of the website. In this case you need to delete the string and modify the server configuration file instead.
