Support Forum
Support Forum
Offline
I just discovered something that surprises me.
Everything under the sp-resources folder is open to browsing. wp-content doesn't allow browsing and I didn't specifically do anything to that folder to deny it so I assumed it would be handled by WordPress.
Anyone have any thoughts on the matter?
Offline
Thanks for reminding me. I was going to add to our discussions.
If you add a empty index.php to the folder you won't see the files in your browser. That is how WP does it.
You can copy the one from your wp-content to the sp-resources folder.
Custom Simple Press Themes
Offline
Brandon C said
Thanks for reminding me. I was going to add to our discussions.
If you add a empty index.php to the folder you won't see the files in your browser. That is how WP does it.
You can copy the one from your wp-content to the sp-resources folder.
Thanks for that. That means that I have to remember to do it for each subdirectory, and new ones are created each month in the upload areas. Would be nice if SP could do it automatically.
Offline
we can talk about doing that, but frankly its easier and better to turn off indexes in your .htaccess... you should not be letting folks browse any directory unless you explicitly want it...
Visit Cruise Talk Central and Mr Papa's World
Offline
Thanks for the tip. I just tried adding Options -Indexes to my .htaccess and although it prevents browsing, for some reason any directory below wp-content will not call my WP 404 page, but instead directs to the default 404 page of my web provider, complete with advertising. Still, that's better that being able to browse the folders.
This brings up a security point. Files uploaded on a private forum are still accessible. Does that mean they can be trawled by search engines?
Offline
what do you mean by accessible? you have to know the exact path and filename to get to them... pretty tough... and with indexes turned off you wont be able to browse...
as to bots, just put a robots.txt file in your base wp dir that does not allow them to crawl wp-content... you should do that anyways... no need to crawl wp-admin, wp-includes and other non content directories...
Visit Cruise Talk Central and Mr Papa's World
Offline
Mr Papa said
as to bots, just put a robots.txt file in your base wp dir that does not allow them to crawl wp-content... you should do that anyways... no need to crawl wp-admin, wp-includes and other non content directories...
Does that still allow pages and images on pages to be found by search engines? I don't understand how this works since WP generates pages on the fly, as I understand it. Please excuse my ignorance.
Offline
yes. did you google WordPress robots.txt file? you will see lots of good suggestions... or the robots meta plugin for wp...
it just tells crawlers where not to go...
Visit Cruise Talk Central and Mr Papa's World
Offline
Okay, thanks. I'll look into it.
All RSS1 Guest(s)