Silence is golden


Is your new WordPress plugin secure? Have you noticed the small index.php file, only 30 bytes in size, in WordPress folders such as wp-content and wp-content/themes? The WordPress developers place it there for security reasons. The explanation is simple: if somebody enters in a browser a URL like
http://www.yourblog.com/wp-content/plugins/
that visitor will not see the full folder contents, its subfolders and file list. Of course, there are other methods to hide a directory listing from visitors, for example an .htaccess directive, but the empty index.php file is the simplest and most straightforward one.
Some WordPress plugin developers ignore this issue and don't put such an empty index.php file into their plugins' folders and subfolders.
It is highly recommended that, after every new WordPress plugin installation, you check for this file in the newly installed plugin's folder and its subfolders. Put this index.php file

<?php
// Silence is golden.
?>

there yourself if the plugin's author missed it.
I made a plugin to do this job automatically. You can read about it at Silence is Golden Guard WordPress Plugin. A download link is available there as well.
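
The manual check described above can also be scripted from the shell. The following is an added example, not the Silence is Golden Guard plugin or any WordPress code; the function names and the `audit`/`fix` arguments are made up for illustration, and leaving a directory alone when it already has an index.html is an assumption of this example.

```shell
#!/bin/sh
# Added example: audit a WordPress plugins tree for directories that have
# no index file, and optionally drop in the placeholder shown in the post.
# Assumption: a directory that already has index.html is left alone, since
# an added index.php could take precedence over it.

# Print each directory under $1 (including $1) with no index.php/index.html.
find_unguarded() {
    find "$1" -type d -exec sh -c '
        for f in "$1/index.php" "$1/index.html"; do
            # -L also catches a dangling symlink, which -e reports as absent
            if [ -e "$f" ] || [ -L "$f" ]; then exit 1; fi
        done' sh {} \; -print
}

# Write the placeholder into every directory find_unguarded reports.
# Existing files are never overwritten. Directory names containing
# newlines are not supported by the read loop.
guard_dirs() {
    find_unguarded "$1" | while IFS= read -r dir; do
        printf '%s\n' '<?php' '// Silence is golden.' '?>' > "$dir/index.php"
        printf 'created %s/index.php\n' "$dir"
    done
}

# Usage: sh guard.sh audit|fix /path/to/wp-content/plugins
case "${1:-}" in
    audit) find_unguarded "$2" ;;
    fix)   guard_dirs "$2" ;;
esac
```

Run `audit` first after installing a plugin to see which folders are exposed, then `fix` to create the missing files.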


  • Pingback: WordPress Security: Silence is golden. Part 2. | ShinePHP.com()

  • MClark

    We are finding some of our sites that are not WordPress have a similar script and it shuts down the site – we did not put it there and have to remove it to restore the site functionality as it overrides the index.html on php servers – see this link http://www.webdeveloper.com/forum/showthread.ph

    Did someone try to write a script to protect multiple directories and it went awry?

  • Pingback: Silence is golden | ShinePHP.com · WP Air()

  • shinephp

    If you have an HTML-only site, you can prevent the execution of scripts inside the root directory and all its sub-directories using .htaccess functionality. You can forbid PHP script execution altogether. Please look at the
    http://codex.wordpress.org/htaccess_for_subdire
    article and use the settings which are more convenient for you.
    If your host doesn't allow the use of .htaccess, you can place an index.php with a redirection to index.html into your site's root directory and an empty index.php into all its sub-directories, and set read-only permissions on those files – something like 444. As a result, a malicious FTP visitor could not rewrite those files and do damage to your site using them.

  • Pingback: Silence is Golden WordPress Plugin | ShinePHP.com()

  • Pingback: Huge List of Cool WordPress Plugins-Part 1()

  • Pingback: Huge List of Cool WordPress Plugins-Part 1 | Toba Joseph()

  • Metal File Cabinet

    This is cool! And so interesting! Do you have more posts like this? Please tell me, thanks

  • The full list of posts can be found here: http://www.shinephp.com/all-posts-index

  • Pingback: “Silence is golden”: I nearly had a fucking heart attack | Smile,Citrus()