Support Forum

Advanced Search
Forum Scope


Match



Forum Options



Minimum search word length is 3 characters - maximum search word length is 84 characters
general-topic
sp-resources/* allows browsing
Avatar
Mike Warren
Cairns, Australia
Member
Free Members
sp_UserOfflineSmall Offline
Feb 26, 2012 - 6:42 pm

I just discovered something that surprises me.

Everything under the sp-resources folder is open to browsing. wp-content doesn't allow browsing and I didn't specifically do anything to that folder to deny it so I assumed it would be handled by WordPress.

Anyone have any thoughts on the matter?

Avatar
Brandon
U.S.
SP Wrangler
Free Members
sp_UserOfflineSmall Offline
Feb 26, 2012 - 7:15 pm

Thanks for reminding me. I was going to add to our discussions.

If you add a empty index.php to the folder you won't see the files in your browser. That is how WP does it.

You can copy the one from your wp-content to the sp-resources folder.

Avatar
Mike Warren
Cairns, Australia
Member
Free Members
sp_UserOfflineSmall Offline
Feb 26, 2012 - 7:21 pm

Brandon C said

Thanks for reminding me. I was going to add to our discussions.

If you add a empty index.php to the folder you won't see the files in your browser. That is how WP does it.

You can copy the one from your wp-content to the sp-resources folder.

Thanks for that. That means that I have to remember to do it for each subdirectory, and new ones are created each month in the upload areas. Would be nice if SP could do it automatically.

Avatar
Mr Papa
Simi Valley, CA
SP Master
Free Members
sp_UserOfflineSmall Offline
Feb 26, 2012 - 7:52 pm

we can talk about doing that, but frankly its easier and better to turn off indexes in your .htaccess... you should not be letting folks browse any directory unless you explicitly want it...

Avatar
Mike Warren
Cairns, Australia
Member
Free Members
sp_UserOfflineSmall Offline
Feb 26, 2012 - 8:12 pm

Thanks for the tip. I just tried adding Options -Indexes to my .htaccess and although it prevents browsing, for some reason any directory below wp-content will not call my WP 404 page, but instead directs to the default 404 page of my web provider, complete with advertising. Still, that's better that being able to browse the folders.

This brings up a security point. Files uploaded on a private forum are still accessible. Does that mean they can be trawled by search engines?

Avatar
Mr Papa
Simi Valley, CA
SP Master
Free Members
sp_UserOfflineSmall Offline
Feb 26, 2012 - 8:17 pm

what do you mean by accessible?  you have to know the exact path and filename to get to them...  pretty tough... and with indexes turned off you wont be able to browse...

as to bots, just put a robots.txt file in your base wp dir that does not allow them to crawl wp-content...  you should do that anyways...  no need to crawl wp-admin, wp-includes and other non content directories...

Avatar
Mike Warren
Cairns, Australia
Member
Free Members
sp_UserOfflineSmall Offline
Feb 26, 2012 - 8:25 pm

Mr Papa said

as to bots, just put a robots.txt file in your base wp dir that does not allow them to crawl wp-content...  you should do that anyways...  no need to crawl wp-admin, wp-includes and other non content directories...

Does that still allow pages and images on pages to be found by search engines? I don't understand how this works since WP generates pages on the fly, as I understand it. Please excuse my ignorance.

Avatar
Mr Papa
Simi Valley, CA
SP Master
Free Members
sp_UserOfflineSmall Offline
Feb 26, 2012 - 8:33 pm

yes. did you google WordPress robots.txt file? you will see lots of good suggestions... or the robots meta plugin for wp...

it just tells crawlers where not to go...

Avatar
Mike Warren
Cairns, Australia
Member
Free Members
sp_UserOfflineSmall Offline
Feb 26, 2012 - 8:38 pm

Okay, thanks. I'll look into it.

Avatar
Mr Papa
Simi Valley, CA
SP Master
Free Members
sp_UserOfflineSmall Offline
Feb 26, 2012 - 8:39 pm

np. glad to help.

Forum Timezone: Europe/Stockholm
Most Users Ever Online: 1170
Currently Online:
Guest(s) 1
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Mr Papa: 19448
Ike: 2086
Brandon: 864
kvr28: 804
jim: 650
FidoSysop: 577
Conrad_Farlow: 531
fiddlerman: 358
Stefano Prete: 325
Member Stats:
Guest Posters: 620
Members: 17365
Moderators: 0
Admins: 4
Forum Stats:
Groups: 7
Forums: 17
Topics: 10128
Posts: 79626