• Resolved sadler.oliver

    (@sadleroliver)


    When using a website downloader, it downloads most folders from your WordPress website, excluding wp-admin and wp-includes. But it does download the wp-content folder and its subfolders. Even after using different plugins to prevent access to the wp-content folder and also changing its name, it is still downloadable.

    This activity leaves a door open to bots and hackers to find vulnerabilities in your WordPress website.

    What is the best way to prevent this wp-content and other shopping cart folders from being accessed or downloaded by site downloaders?

    Your help will be greatly appreciated.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator bcworkz

    (@bcworkz)

    I’m sorry I can’t answer your question, but I am curious, what vulnerabilities can be found by a downloader in wp-content? Certainly themes and plugins have been known to have vulnerabilities in the past. But these have all been in PHP code. The PHP code would only be available to a downloader if the server is badly misconfigured. What vulnerabilities am I not seeing here?

    Thread Starter sadler.oliver

    (@sadleroliver)

    I have finally secured the wp-content folder by editing the robots.txt file that is auto-generated by WordPress, adding the following lines:

    User-agent: *
    Disallow: /wp-admin/
    Disallow: /wp-includes/
    Disallow: /wp-content/

    “Disallow: /wp-content/” was not there previously, thus added it to the generator in functions.php.

    This now prevents the wp-content folder or any of its subfolders from being crawled by search engines or even being downloaded by a website downloader if any visitor might be using one.

    However, the list of plugins used on the site is clearly visible when you go to “View Source” by clicking “CMD + U” on Mac OSX or “Ctrl + U” on Windows OS.

    It still solves my purpose so far.

    Thanks all for viewing this post and trying to help.

  • The topic ‘Secure "wp-content" folder and subfolders’ is closed to new replies.
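
Added example, not part of the thread or of WordPress: a local check of what the robots.txt rules posted above change for a client that reads them versus a plain HTTP GET that does not. The loopback server, the asset path and the `deny_prefix` setting are constructed for illustration.

```python
import http.server, threading, urllib.error, urllib.request
from urllib.robotparser import RobotFileParser

# robots.txt rules exactly as posted in the thread.
ROBOTS = ("User-agent: *\nDisallow: /wp-admin/\n"
          "Disallow: /wp-includes/\nDisallow: /wp-content/\n")
# Constructed path standing in for any static file under wp-content.
ASSET = "/wp-content/plugins/example-plugin/readme.txt"

class Site(http.server.BaseHTTPRequestHandler):
    deny_prefix = None  # hypothetical server-side deny rule (path prefix)

    def do_GET(self):
        if self.deny_prefix and self.path.startswith(self.deny_prefix):
            self.send_error(403)  # enforced by the server, not by the client
            return
        body = ROBOTS if self.path == "/robots.txt" else "constructed asset\n"
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write(body.encode())

    def log_message(self, *args):  # keep the demo quiet
        pass

def robots_allows(path, agent="ExampleBot"):
    """What a client that chooses to honour robots.txt would decide."""
    parser = RobotFileParser()
    parser.parse(ROBOTS.splitlines())
    return parser.can_fetch(agent, path)

def direct_get_status(path, deny_prefix=None):
    """Status a client that never reads robots.txt gets from the local server."""
    handler = type("Handler", (Site,), {"deny_prefix": deny_prefix})
    server = http.server.HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        url = f"http://127.0.0.1:{server.server_address[1]}{path}"
        with opener.open(url, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print("robots.txt allows:", robots_allows(ASSET))
    print("plain GET:", direct_get_status(ASSET))
    print("GET with server deny:", direct_get_status(ASSET, "/wp-content/"))
```

The response only changes when the server itself refuses the request; the `/wp-content/` prefix is used here purely to show that, since themes and plugins load their CSS, JavaScript and images from that folder.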