Comments on: WordPress Security Tip http://www.itsananderson.com/2008/12/wordpress-security-tip/ Designer and Programmer Wed, 10 Mar 2010 16:05:01 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Will http://www.itsananderson.com/2008/12/wordpress-security-tip/comment-page-1/#comment-94 Will Fri, 02 Jan 2009 04:38:27 +0000 http://www.itsananderson.com/2008/12/wordpress-security-tip/#comment-94 Hey Kim, You have a good point there. The reason I would still use IndexIgnore though is that it's just a little bit more friendly (doesn't contain the word "Error" :) ) Of course if you were to create a custom error page with something like this in your <code>.htaccess</code>: <code>ErrorDocument 403 /errors/forbid.php</code> Then you just place a helpful message in <code>/errors/forbid.php</code>. Make sure you actually change the status to 200 as well or browsers like IE and Chrome won't display the page. <pre> < ?php header("HTTP/1.0 200 OK"); ?> </pre> Cheers! Hey Kim,

You have a good point there. The reason I would still use IndexIgnore though is that it’s just a little bit more friendly (doesn’t contain the word “Error” :) )

Of course if you were to create a custom error page with something like this in your .htaccess:

ErrorDocument 403 /errors/forbid.php

Then you just place a helpful message in /errors/forbid.php. Make sure you actually change the status to 200 as well or browsers like IE and Chrome won’t display the page.

< ?php
header("HTTP/1.0 200 OK");
?>

Cheers!

]]> By: Kim http://www.itsananderson.com/2008/12/wordpress-security-tip/comment-page-1/#comment-93 Kim Fri, 02 Jan 2009 04:31:00 +0000 http://www.itsananderson.com/2008/12/wordpress-security-tip/#comment-93 Thanks for the tip! There is also another method to accomplish the same thing using .htaccess - add the line Options -Indexes to turn off directory listings completely. If someone does try to look at the contents of a directory by going to http://www.domain.tld/foldername/, they are presented with a 403-Forbidden error. Thanks for the tip! There is also another method to accomplish the same thing using .htaccess – add the line Options -Indexes to turn off directory listings completely.

If someone does try to look at the contents of a directory by going to http://www.domain.tld/foldername/, they are presented with a 403-Forbidden error.

]]> By: Will http://www.itsananderson.com/2008/12/wordpress-security-tip/comment-page-1/#comment-92 Will Fri, 02 Jan 2009 04:13:57 +0000 http://www.itsananderson.com/2008/12/wordpress-security-tip/#comment-92 Hi Miroslav, Good question. If you look at my wp-admin/css folder you can see that no files are listed. http://itsananderson.com/blog/wp-admin/css/ I didn't even know that there was no index.php file there until you pointed it out, but the .htaccess trick took care of things for me :) Cheers! Hi Miroslav,

Good question. If you look at my wp-admin/css folder you can see that no files are listed.

http://itsananderson.com/blog/wp-admin/css/

I didn’t even know that there was no index.php file there until you pointed it out, but the .htaccess trick took care of things for me :)

Cheers!

]]> By: Miroslav Glavic http://www.itsananderson.com/2008/12/wordpress-security-tip/comment-page-1/#comment-91 Miroslav Glavic Fri, 02 Jan 2009 04:08:43 +0000 http://www.itsananderson.com/2008/12/wordpress-security-tip/#comment-91 what about in the wp-admin folders? wp-admin/css folder has no index.php file in it what about in the wp-admin folders?

wp-admin/css folder has no index.php file in it

]]>