Silence is Golden Guard WordPress plugin

Silence is Golden Guard

Silence is Golden Guard

Silence is golden guard WordPress plugin prevents your blog directories from listing if visitor types just directory name as the URL,
e.g. http://yourdomain/wp-content/plugins/
Did you see small 30 bytes only index.php files in the folders of WordPress installation? If you don’t know for what reason those files included into WordPress package please read this post “Silence is Golden”.
This plugin can scan your WordPress blog installation subdirectories for the presence of such dummy index.php files and create it if index.php file doesn’t exist in the directory. As the second line of defence against directory listing plugin can add special “-Indexes” option into Apache Web Server .htaccess file placed at the WordPress root directory. You can do it by the “Scan” button click at the plugin “Settings” page. There is an option to check the state of your .htaccess file and index.php file presence at the other folders automatically once a day.
You can select that SIG index.php files redirect visitors to your site root after each directory listing request.
Options to delete unused readme.txt, screenshot-1.gif, etc. files are available. WordPress version can be removed from you blog pages header.

The latest version: 1.10. Click the Download button below if you wish to try it.
Quant of downloads: 8943

Attention! Starting from version 1.7 plugin works with WordPress 3.0 and higher only. For earlier WordPress versions use plugin version 1.6 from here.

Quick Links

Let’s see to the “Silence is Golden Guard” plugin “Settings” page screenshot:

Silence is Golden Guard Settings page
  • “Exclude folders” allows to prevent placing index.php file into directories of your choice. Just check this box and then check folders checkboxes from the list which will appear to the right.
  • “index.php Redirect” allows to create index.php files with redirection to your site root function. If you use WP Super Cache plugin, please read the correspondent part of FAQ section before activate this option.
  • “Rebuild All” button helps in sutuation when you just checked or unchecked the redirect option above and wish that all SIG created index.php will be recreated according to the new setting. SIG Guard is smart enough to not touch not dummy real index.php files which belong to another scripts possibly.
  • “Modify Apache .htaccess” – if checked then plugin will add “Options -Indexes” line to .htaccess file in the WordPress root folder to prevent directory listing by Apache Web server. If this option is turned on (+Indexes) or absent in the .htaccess file, then if a URL which maps to a directory is requested, and there is no DirectoryIndex (e.g., index.html or index.php) file in that directory, then Web server will return a formatted listing of the directory.
  • “Delete readme.txt” allows to delete unused readme.txt files from all plugins subfolders. Attacker can discover plugin version you use easy by opening such file in the browser.
  • “Delete screenshot files” allows to delete unused screenshot image screenshot-1.gif, screenshot-2.gif, etc. files from all plugins subfolders. Attacker can discover plugin version you use by opening such file in the browser. PNG, JPG extensions are checked too additionally to GIF.
  • “Auto Monitor” – if this box is checked, plugin will scan your WordPress folder automatically once a day and place index.php files to the folders if they doesn’t have it. If “Modify Apache .htaccess” is checked then .htaccess will be checked. All other related actions are fullfilled according to checked options too.
  • “Hide WordPress version” allows to exclude WordPress version information from your blog page headers. WordPress puts this code
    <meta name="generator" content="WordPress 2.9.2" />

    into every page header. “Hide WordPress version” option helps to hide it.

If you press “Scan Now” or “Rebuild All” button you will see something similar to the image below:

Silence is Golden Guard in action

Attention! There is a very strong recommendation to make full backup of your blog before you activate SIG plugin. If you have developement copy of your blog at the same webhost I recommend you to give a SIG plugin first try at the test environment.


Dear plugin User,
if you wish to help me with this plugin translation I very appreciate it. Please contact me via Contact form and I will answer you by email. Do not forget include you site link in order I can show it with greetings for the translation help here at, plugin settings page and plugin’s readme.txt file.

You are welcome! Help me with plugin translation, share with me new ideas about its further development and link to your site will appear above.


  • 1.8 = 12.11.2011
    – Arabic translation is added.
    – News section is removed from plugin’s Settings page.
  • 1.7 = 29.09.2010
    – Italian translation is added.
    – Technical update for WordPress 3.0 full compatibility. Staff deprecated since WordPress v.3.0 is excluded.
  • 1.6 = 19.05.2010
    – German translation is added.
    – Minor bugs with usage of translation text-domain are fixed.
  • 1.5 = 09.05.2010
    – Endless redirection loop problem for blogs with active WP Super Cache plugin is resolved. See FAQ section for more details.
    – Event log file is created only if correspondent option is turned on at the Settings page.
  • 1.4 = 05.05.2010
    – Checking if index.php file is SIG Guard plugin made file and can be rewritten is updated in try to exclude rare cases when SIG Guard rewrites important index.php file, e.g. in the current theme folder. SIG Guard own stamp string verification is added. File with more than 4 rows will not be changed too.
    This update is critical for new plugin users only.
    Note to former users: if you wish to rebuild all your dummy SIG index.php files you need to delete that files manually before click “Rebuild All” button. As old index.php file does not contain SIG Guard stamp string, plugin should not update such file.
  • 1.3 = 12.04.2010
    – Redirect to the site root for directory listing requests option is added.
    – All index.php rebuild function is added (in case you change index.php type you use from empty page to redirection or back);
    – Unused plugins files readme.txt, screenshot- remove options are added. Such file expose plugin verision to attacker easy.
    – Remove WordPress version from your blog pages option is added.
  • 1.2 = 25.03.2010
    – Spanish translation is added.
  • 1.1 = 19.03.2010
    – Minor bug with usage of the textdomain for the translation is fixed. Thanks to Whiler who found it.
    – French translation is added. Thanks to Whiler again.
  • 1.0 = 16.03.2010
    – 1st release of the “Silence is Golden Guard” WordPress Plugin.


  • I activated Silence is Golden plugin and click Scan button. Now I have not access to my site, neither front-end, nor admin back-end. FireFox writes “Firefox has detected that the server is redirecting the request for this address in a way that will never complete.” What is happend and how to fix it?
    – This problem could be met if you use WP Super Cache plugin and turned on the redirection to site root option for SIG plugin. If you put index.php file with redirection to root directive into wp-super-cache/plugins/ folder you will get exactly that problem as it is described above.
    To resolve this SIG plugins checks from v. 1.5 if WP Super Cache plugin is active, and in this case creates the empty index.php file in the wp-super-cache/plugins/ folder, that is SIG ignores redirection option for this folder.
    Problem could be left if WP Super Cache is placed under another path, and WP Super Cache plugin root folder name differs from the default one “wp-super-cache”.
    To resolve endless redirection loop problem remove the ‘header(“Location: http://www…’ line from wp-super-cache/plugins/index.php file. It will resolve your problem with the high level of probability.

If you have trouble with SIG plugin email me, make a comment here, use contact form of forum post and report about your problem. I will help you to resolve it without any charge. As the only return from you I expect the ability to isolate the problem: what environment, settings, theme, other plugins, etc. lead to the problem you have…


I am ready to answer on your questions about this plugin usage and help with possible problems. Use Silence is Golden Guard plugin forum or this page comments and site contact form for that please.

Tags: ,

  • Pingback: Silence is Golden Guard Plugin v. 1.3 is available |

  • Pingback: Huge List of Cool WordPress Plugins-Part 1()

  • Pingback: Silence is golden |

  • Pingback: Plugins Garbage Collector v.0.2 translation update |

  • Pingback: Plugins Garbage Collector v. 0.3 translation update |

  • Pingback: Silence is Golden Guard WordPress plugin v. 1.4. update |

  • Pingback: Silence is Golden Guard WordPress plugin v. 1.5 update |

  • i installed Silence is Golden Guard v1.4
    on my site after installing
    i selected only add index.php files and remove unused files (readme.txt, screenshot-*.*) from plugin folders in settings & update settings

  • Pingback: Silence is Golden Guard German |

  • Pingback: Silence Is Golden Guard | Internet Career Finder()

  • Pingback: Huge List of Cool WordPress Plugins - Part 1 | Toba Joseph()

  • I installed silence is golden before completing work on my site. Now I can’t use the editor inthe admin back-end of my wrodpress site to edit index.php All that appears is
    I tried deactivating SIG but that did not help what can I do?

  • I’m sure it is a WordPress bug. Editor get the first index.php from your theme folder even if that index.php is from the some subfolder, not the main theme index.php file which is still in original state, that is SIG doesn’t touch it.
    Look what You have in Editor URL for index.php file. As for me:
    It is clear that index.php is from ‘images’ subfolder, not from the root theme folder, which is shinephp in my case.
    What to do with it?
    General recommendation – do not make any changes on site. It is dangerous as if you make mistake your site stop working. Edit files locally with your favorite editor. Test them on the test site copy. I use local site copy for this purpose. Then upload updated files to your live site.

    If you still wish to use WP online editor, exclude your them folder from SIG work. It has an option for that. Then delete all extra index.php file from your theme subfolders. In this case I recommend you to place empty index.php files there instead.

  • Fregew

    Hi! I’d love to use SiG on my site, but it stops loading the settings page at the title. No option shows up!

    I use WP 3.1.2. Tried disabling security plugins and even a seo one to check for conflicts, but still no success.

    Any solution?

    Thank you!

  • Hello!
    Thanks for the signal. To be honest I didn’t even check SIG still I installed it at
    I checked just now after reading your message. No visual problem. I suppose it could be stalled during quering RSS from if some network problem exists.
    Try to comment line 55 at sig-guard_options.php file with sig_guard_shinephpNews(); function call, e.g.:
    // sig_guard_shinephpNews();

    If it will not help, try to change WP_DEBUG constant in your wp-config.php file to
    define(‘WP_DEBUG’, true);
    You can see a lot of unusual output after that (notices about using depracated staff in plugins). So It’s better to deactivate all other plugins before doing it.
    If you have some output related to SIG plugin, please send in here without real path to your site directory of course. If it is difficult for you to understand the debug output, you can send it to me via this site Contact form.

  • M – I – L – A – D

    Thanks +  +1google pluse :*  u helped me from getting another hack 🙂 :):) i had 900 msg in my direct admin panel for security reason but aint get hack 🙂 😡 tnx again :*:*:* >:D< lovee u so much:-x

  • You are welcome. That’s a pleasure to read so good feedback :).

  • Hi,

    for this moment I know about 2 issues, related to this error message.
    1st, if you use Super Cach plugin, please open SIG Guard plugin readme.txt or its page at and read FAQ section.

    2nd, if you use some child theme without index.php file in its somethemename-child folder then SIG could create empty index.php with redirection directive there which cause this problem.

    Decision is to exclude child-theme folder from folders which SIG plugin scans. You have option for that in plugin’s settings page.


  • Jay Riddle

    I didn’t read carefully enough and I enabled all the settings and clicked update and now I have the problem described in the FAQ where i can’t get to my wp-admin console.  I did, however, take a backup right before I installed the plugin.  I’m unsure how to find that “wp-super-cache” folder to try and perform the header resolution.  Please advise, thanks.  

  • I resolved by renaming my wp-content/plugins folder and deleting a few plugins, including SIG Guard.  I think SIG Guard and some other SEO & Security plugins were conflicting.

  • Thanks for sharing this information. It would be good to know the reason (conflict plugin name) of your problem to fix it, though…
    If you had not so much active plugins, may be you send here its list, in order I try to test all of them together?

  • Try this workflow:

    Everything performed through cpanel file manager, php admin, backup wizard, etc (even deploying WordPress (and wp-config* to / (public_html) root) & used wp-admin console to add plugins, etc…

    Running “TwentyTen” theme, and only one other in reserve “TwentyEleven”.  Pretty much out of the box deployment, early stages.In order of install & activation (as close as possible) (all activated):- All In One SEO Pack- All In One SEO Pack Windows Live Writer Bridge- FeedBurnder Feed Smith- FeedBurner FeedSmith Extend- Fast Secure Contact Form- Google Analyticator- Google XML Sitemap- Jetpack by LinkWithin- wp-jquery-lightbox- Redirection – WP Security Scan*Rename WP tables to _example_*Tighten root & wp* folder security using ‘755/644’ rule- Akismet- Disqus Comment System*Upgraded to 3.2.6 *Backup—— Install & Activate SIG Gaurd ——-
    ^Settings: (probably the trigger)
    No Exclusions
    No Hiding of WordPress Version
    *index.php Redirect
    *Modify Apache .htaccess
    *Delete readme.txt
    *Delete screenshot files
    *Auto Monitor
    *Log errors to .log file (I don’t know if I have the energy to pull this from backups)
    ** “Update”
    ** “Scan Now”
    Log out
    #Broken – can bypass index.php at root and hit the standard default.htm, but nothing else.  Loops when trying to get to site, or wp-admin.
    #Before renaming the plugin folder, etc — I actually went through and replaced every index.php containing ‘header(Location:http://%)’ line with “//Silence is Golden.” 
    #Deleted SIG Gaurd, Redirection, and one other plugin and still no good
    #Like I said, not until renaming plugin folder did it let me back into wp-admin and onto the core front page.  

    After I was able to get into wp-admin, I actually created some full backups several more times so I probably have the logs.

    I never found a WP Super Cache folder, and I never located a *.log file in the ‘silence-is-golden-gaurd’ which has a /css, /images, /lang sub-folders.  
    Now I have all the same plugins installed except the following are not activated:

    – All In One SEO Pack- All In One SEO Pack Windows Live Writer Bridge
    – FeedBurner FeedSmith Extend 

    ^Installed and activated SIG Gaurd, but this time ran with the following settings:

    [Different from 1st time] Selected Excluded checkbox: (=TwentyTen & TwentyEleven theme folder trees)——-No index.php Redirect————–No Delete readme.txt——-[Same]No Hiding of WordPress Version

    Remember, I had manually gone through and removed all the redirect location header lines in all index.php files, and deleted them completely from the theme folders.

    Any advice on folders to exclude? Or should I be ok with adding index.php to theme folders so long as I stay away from the redirect?

    I manually added an additional .htaccess in wp-admin as well now.  Everything is working fine it seems.

    Note: Still no *.log file generates
    Note: Still no wp-cache folder

  • Thank you for so very detailed report. I will try to test SIG Guard with every plugin (you mentioned) together and isolate the problem this weekend. 
    “WP Super Cache” is the WP plugin. As you have not it installed, it is not your case. There is some similar situation probably.
    I will write here about my testing results.While you don’t use ‘redirect’ option there is no need to exclude folders. 

  • great plugin.  i tried several other security plugins for wp without results.  this plugin works.  thanks rob

  • Thanks for the good feedback :).

  • this plugin saves users a ton of time to manually place index.php files in every folder of a blog site. great plugin! i would like to ask for some feature upgrade? like having the option to place index.html instead of php. that way, those malware php scripts will be useless if ever a blog site might get infected again

  • Thanks for suggestion. I will add such option, definitely.

  • Vidar

    Pro-tip to new users.. Do a backup first and don’t use the redirect option.. it totally broke my WP installation, heh. Getting a 500 internal error message now, can’t reach the admin panel. Tried removing themes, changing all the index.php files back to the original status, deleted all plugins.. nothing works 🙂

  • I confirm that. This information (make backup or try it on the test installation before) is included to readme.txt and this page. SIG is not universal decision and while it works excelent for myself here at it doesn’t for some other sites, different from standard configuration, e.g. WordPress is installed not to the root of the site, uses cache plugins, etc…
    So be carefull, and always have recent backup.

  • Vidar

    Yeah, installing from inside the wp admin has it’s drawbacks. I found out what the problem was, by the way. Curious by nature, I had to investigate, hehe. The htaccess file does it, restoring it to the backed up one solved the problem for me. Perhaps something server related.

  • Thanks for sharing that.

  • Vidar

    Hopefully it can help someone else 🙂

    I’ve done some further research. I use as a provider, and apparently they do not allow users to override the root Apache Options directives, or you get a 500 server error. So I just commented “Options – Indexes” out and it works as intended. I will edit my installed version of SIG  to accomodate for this. It’s a sweet plugin, thank you for creating and maintaining it.


  • Vidar

    (and as a last sidenote, I tracked down which of the index.php redirects that caused an infinite redirect loop on my WP install, and it was the one located in the main folder of one of the other plugins: Contact Form 7)

  • Interesting effect. Plugin’s folder index.php should not be called by WordPress.
    I will try to install “Contact form 7” and test it with SIG together. Thank you.

  • fafa


    thanks for this plugin . it’s work very good & solve my big problem.

    My host not allow me to use “Options All -Indexes” in the htaccess so I should manually add index.htm to all directory my blog has more than 300 directories.

    Your plugin do it in one second . so I really say : sooooooooooo Thanks …

    I have a request if it possible you help me too .

    Is it possible write a small script that create this index.php to all kind of site not just wordpress.

    it means that we put that script to public_html and run it and it creat index.php to all directories.

    Because I have some site like WHMCS and need create index.php in directories but it have more than 400 directories.

  • graff

    thx for great plugin,

    but found conflict with plugin P3 (Plugin Performance Profiler), redirect to main page from admin panel
    solution is exclude from scan dir wp-content/mu-plugins

  • Thank you. I will check and apply the fix.

  • Marco A. Hidalgo Molina

    Hello, great plugin! I´ve used at previous installation, but now that made clean installation cannot activate, says this message “Plugin could not be activated because it triggered a fatal error.” Don´t know if update to last wp version is the problem.

  • Hi Marco,

    Thanks for letting me know about this issue. It is fixed with the versions 1.10 published today.

  • JMartinez

    Hello, I have activated the index.php redirect to homepage feature and now I have no access to plugins directory or the homepage. I deleted the plugin via ftp, same problem. Now I have reinstalled the plugin via ftp and same problem persists. How can I revert to before I activated the index.php redirect as it is making infinite loop. I do not have the WP super cache installed. Thank You.

  • Hello,I suppose that your active theme index.php was rewritten accidentally. Check that. If it was really happend, restore original index.php file from a backup copy.

  • JMartinez

    Tried that, can’t get into any directory now. Could there be something I could fix using ControlPanel File Manager? Maybe an htaccess file of maybe something in the database tables? If not I’ll just have to redeploy a new installation and start working over again. Error is 500, site not configured correctly.

  • Database tables are not changed by SIG plugin – files only. So it’s not the case.

    I met error 500 at some hostings due to insufficient file permissions. Read a thread started by Vidar user below. It had and resolved very similar problem.

    Check index.php at the root of your site also. Check index.php at the main folder of ‘Contact Form 7’ plugin. Check your site root .htaccess file: try to comment or remove
    “Options – Indexes”
    line from it or restore this file from the fresh backup copy.

    Before full files tree deletion and start from zero You may try to overwrite all WordPress core files (except wp-config.php) from the fresh downloaded copy via FTP.

  • JMartinez

    Thanks for you suggestions. I was just setting up a new site and new template and now I know more of how to proceed ( and how not to continue ) I’ll work with a re-install, ad my deadline is months away. So, for now best to follow Plugins Instructions completely. LOL . Thanks.

  • Moic003

    Hello, any solution for point 2

  • Hi,

    Decision is to exclude child-theme folder from folders which SIG plugin scans. You have option for that in plugin’s settings page.