Hiding your files
A golden security rule for WordPress has long been to prevent info leak from directory browsing, protecting old plugins and other code from being easily targeted. Until recently this wasn't a default WordPress defense, but could be achieved using htaccess, else by adding a blank index.php file into the folder whose contents should be hidden.
Automattic does now add blank index.php files to key directories, not only for new installations but also upon a platform upgrade, so that's good. So far as I can see though, one gap remains, and that is for the uploads folder. This is created when first we import media to a site using the Dashboard but, as yet, there is no restriction for curious eyes. Then again, in many cases we want users to be able to browse this folder:
The uploads folder isn't the only one with its content exposed. Directory listing info leak is an issue when we add bespoke directories for forums, wikis, client areas, and whatever else. All these would tend...
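An added example, not from the original text: a Python audit that walks a web root and reports every directory with neither defense described above, meaning no index file of its own and no Options -Indexes inherited from an .htaccess file. It assumes Apache with AllowOverride permitting Options and listings enabled in the server configuration; the function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile

INDEX_FILES = {"index.php", "index.html", "index.htm"}  # assumption: names in DirectoryIndex
OPTIONS_RE = re.compile(r"^[ \t]*Options[ \t]+(.+)$", re.IGNORECASE | re.MULTILINE)

def listing_allowed(htaccess_text, inherited):
    """Apply the Options lines of one .htaccess to the inherited Indexes state."""
    allowed = inherited
    for match in OPTIONS_RE.finditer(htaccess_text):
        tokens = match.group(1).lower().split()
        if all(t[0] in "+-" for t in tokens):
            # Relative form: only an explicit +/-Indexes changes the state.
            if "-indexes" in tokens:
                allowed = False
            elif "+indexes" in tokens:
                allowed = True
        else:
            # Absolute form replaces the whole option set.
            allowed = "indexes" in tokens or "all" in tokens
    return allowed

def find_listable_dirs(root, server_default=True):
    """Return directories under root with no index file and no inherited -Indexes."""
    state, exposed = {}, []
    for path, dirs, files in os.walk(os.path.abspath(root)):
        allowed = state.get(os.path.dirname(path), server_default)
        if ".htaccess" in files:
            with open(os.path.join(path, ".htaccess"), errors="replace") as fh:
                allowed = listing_allowed(fh.read(), allowed)
        state[path] = allowed
        if allowed and not INDEX_FILES & set(files):
            exposed.append(os.path.relpath(path, root))
    return sorted(exposed)

def build_sample_tree(base):
    """Constructed sample layout: blank index.php files, an uploads folder, a wiki."""
    for d in ("wp-content/plugins", "wp-content/uploads/2024", "wiki/docs"):
        os.makedirs(os.path.join(base, d))
    for f in ("index.php", "wp-content/index.php", "wp-content/plugins/index.php"):
        open(os.path.join(base, f), "w").close()
    with open(os.path.join(base, "wiki/.htaccess"), "w") as fh:
        fh.write("# hide listings here and below\nOptions -Indexes\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(find_listable_dirs(tmp))
```

In the sample tree wp-content/uploads is reported even though wp-content holds a blank index.php, because such a file covers only its own directory, whereas Options -Indexes in wiki/.htaccess also covers wiki/docs.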