Did you see small 30 bytes only index.php files in the folders of WordPress installation? If you don’t know for what reason those files included into WordPress package please read this post “Silence is Golden”.
This plugin can scan your WordPress blog installation subdirectories for the presence of such dummy index.php files and create it if index.php file doesn’t exist in the directory. As the second line of defence against directory listing plugin can add special “-Indexes” option into Apache Web Server
.htaccessfile placed at the WordPress root directory. You can do it by the “Scan” button click at the plugin “Settings” page. There is an option to check the state of your .htaccess file and
index.phpfile presence at the other folders automatically once a day.
You can select that SIG index.php files redirect visitors to your site root after each directory listing request.
Options to delete unused readme.txt, screenshot-1.gif, etc. files are available. WordPress version can be removed from you blog pages header.
The latest version: 1.10. Click the Download button below if you wish to try it.
Quant of downloads: 8380
Attention! Starting from version 1.7 plugin works with WordPress 3.0 and higher only. For earlier WordPress versions use plugin version 1.6 from here.
“Exclude folders” allows to prevent placing
index.phpfile into directories of your choice. Just check this box and then check folders checkboxes from the list which will appear to the right.
- “index.php Redirect” allows to create index.php files with redirection to your site root function. If you use WP Super Cache plugin, please read the correspondent part of FAQ section before activate this option.
- “Rebuild All” button helps in sutuation when you just checked or unchecked the redirect option above and wish that all SIG created index.php will be recreated according to the new setting. SIG Guard is smart enough to not touch not dummy real index.php files which belong to another scripts possibly.
- “Modify Apache .htaccess” – if checked then plugin will add “Options -Indexes” line to
.htaccessfile in the WordPress root folder to prevent directory listing by Apache Web server. If this option is turned on (+Indexes) or absent in the
.htaccessfile, then if a URL which maps to a directory is requested, and there is no DirectoryIndex (e.g., index.html or index.php) file in that directory, then Web server will return a formatted listing of the directory.
- “Delete readme.txt” allows to delete unused
readme.txtfiles from all plugins subfolders. Attacker can discover plugin version you use easy by opening such file in the browser.
- “Delete screenshot files” allows to delete unused screenshot image
screenshot-1.gif, screenshot-2.gif, etc.files from all plugins subfolders. Attacker can discover plugin version you use by opening such file in the browser. PNG, JPG extensions are checked too additionally to GIF.
- “Auto Monitor” – if this box is checked, plugin will scan your WordPress folder automatically once a day and place index.php files to the folders if they doesn’t have it. If “Modify Apache .htaccess” is checked then
.htaccesswill be checked. All other related actions are fullfilled according to checked options too.
- “Hide WordPress version” allows to exclude WordPress version information from your blog page headers. WordPress puts this code
<meta name="generator" content="WordPress 2.9.2" />
into every page header. “Hide WordPress version” option helps to hide it.
If you press “Scan Now” or “Rebuild All” button you will see something similar to the image below:
Attention! There is a very strong recommendation to make full backup of your blog before you activate SIG plugin. If you have developement copy of your blog at the same webhost I recommend you to give a SIG plugin first try at the test environment.
- Arabic: mr.Ahmad
- French: Whiler
- German: Tom
- Italian: Alessandro Mariani
- Russian: ShinePHP
- Spanish: Omi
Dear plugin User,
if you wish to help me with this plugin translation I very appreciate it. Please contact me via Contact form and I will answer you by email. Do not forget include you site link in order I can show it with greetings for the translation help here at shinephp.com, plugin settings page and plugin’s readme.txt file.
You are welcome! Help me with plugin translation, share with me new ideas about its further development and link to your site will appear above.
1.8 = 12.11.2011
– Arabic translation is added.
– ShinePHP.com News section is removed from plugin’s Settings page.
1.7 = 29.09.2010
– Italian translation is added.
– Technical update for WordPress 3.0 full compatibility. Staff deprecated since WordPress v.3.0 is excluded.
1.6 = 19.05.2010
– German translation is added.
– Minor bugs with usage of translation text-domain are fixed.
1.5 = 09.05.2010
– Endless redirection loop problem for blogs with active WP Super Cache plugin is resolved. See FAQ section for more details.
– Event log file is created only if correspondent option is turned on at the Settings page.
1.4 = 05.05.2010
– Checking if index.php file is SIG Guard plugin made file and can be rewritten is updated in try to exclude rare cases when SIG Guard rewrites important index.php file, e.g. in the current theme folder. SIG Guard own stamp string verification is added. File with more than 4 rows will not be changed too.
This update is critical for new plugin users only.
Note to former users: if you wish to rebuild all your dummy SIG index.php files you need to delete that files manually before click “Rebuild All” button. As old index.php file does not contain SIG Guard stamp string, plugin should not update such file.
1.3 = 12.04.2010
– Redirect to the site root for directory listing requests option is added.
– All index.php rebuild function is added (in case you change index.php type you use from empty page to redirection or back);
– Unused plugins files readme.txt, screenshot- remove options are added. Such file expose plugin verision to attacker easy.
– Remove WordPress version from your blog pages option is added.
- 1.2 = 25.03.2010
– Spanish translation is added.
- 1.1 = 19.03.2010
– Minor bug with usage of the textdomain for the translation is fixed. Thanks to Whiler who found it.
– French translation is added. Thanks to Whiler again.
- 1.0 = 16.03.2010
– 1st release of the “Silence is Golden Guard” WordPress Plugin.
I activated Silence is Golden plugin and click Scan button. Now I have not access to my site, neither front-end, nor admin back-end. FireFox writes “Firefox has detected that the server is redirecting the request for this address in a way that will never complete.” What is happend and how to fix it?
– This problem could be met if you use WP Super Cache plugin and turned on the redirection to site root option for SIG plugin. If you put index.php file with redirection to root directive into wp-super-cache/plugins/ folder you will get exactly that problem as it is described above.
To resolve this SIG plugins checks from v. 1.5 if WP Super Cache plugin is active, and in this case creates the empty index.php file in the wp-super-cache/plugins/ folder, that is SIG ignores redirection option for this folder.
Problem could be left if WP Super Cache is placed under another path, and WP Super Cache plugin root folder name differs from the default one “wp-super-cache”.
To resolve endless redirection loop problem remove the ‘header(“Location: http://www…’ line from wp-super-cache/plugins/index.php file. It will resolve your problem with the high level of probability.
If you have trouble with SIG plugin email me, make a comment here, use contact form of forum post and report about your problem. I will help you to resolve it without any charge. As the only return from you I expect the ability to isolate the problem: what environment, settings, theme, other plugins, etc. lead to the problem you have…
I am ready to answer on your questions about this plugin usage and help with possible problems. Use Silence is Golden Guard plugin forum or this page comments and site contact form for that please.