wp-content/plugins – Open Access

  • Is it normal that anyone can browse directly to and download from the wp-content/plugins folder? Including content being listed by search engines?
    Version 2.1

Viewing 4 replies - 1 through 4 (of 4 total)

  • To block directory listings on your site, drop this in the .htaccess in the root.
    IndexIgnore *
    All directories without an index.html or index.php will not be listed.

    Thread Starter comanco

    (@comanco)

    So it is normal to be able to put https://www.example/wp-content/plugins and view the contents of this folder?
    I did look at the htacess file and in part this is what I now have do I still add IndexIgnore *

    IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

    Almost all servers will list directories (WP or not) if no index file is there.
    Yes, you can add that right below what you have.

    Thread Starter comanco

    (@comanco)

    First Thank you very much for your help I placed it as suggested and the following is now what shows if that is not a concern I can leave it as is. I assume what is now viewable is because of the index.php in the wp-content folder.

    Index of /wp-content/themes
    Name Last modified Size Description
    ———————————————————–
    ———————————————————–

    Apache/1.3.37 Server at website.com Port 80

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘wp-content/plugins – Open Access’ is closed to new replies.