If you are hosting with someone like Bluehost.com, Hostgator.com or any other host with WordPress installations on a cPanel.
Case in point. Let’s say I know www.thisdomain.com is using WordPress. So I simply go in and type www.thisdomain.com/wp-content. An index page will come up in the browser window showing me all of the directories.
Now if one of these directories holds images, I would get access to all images uploaded to this WordPress default directory. So I could easily download everything they have uploaded to their site. Sometimes you can do this to the plugin and theme directories as well. Or if I type in www.thisdomain.com/wp-content/uploads, the same thing will happen.
This can be a very big security risk if you offer subscriptions, paid material or other information that you don’t want easily grabbed.
How to solve this…
Sign into your hosting account, and click on your cPanel. At the very bottom, go into the “Index Manager” and select No Indexing for your site and its directories, or if you choose, just certain directories. If you don’t, users will easily be able to rip content, plugin and theme information from your site.
Once indexing is off, a request for one of these directories will either go to a 404 page not found, or directory not found.
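To confirm the change took effect on your own site, here is an added example (not part of the original post) that requests the directories discussed above and reports whether an auto-generated listing still comes back. It assumes Apache-style listings titled "Index of /..."; the `example.test` host, the sample responses and all function names are constructed for illustration.

```python
import re
import urllib.error
import urllib.request

# Directories named in the post, plus the plugin and theme directories it mentions.
PATHS = ["/wp-content/", "/wp-content/uploads/", "/wp-content/plugins/", "/wp-content/themes/"]
LISTING_RE = re.compile(r"<title>\s*Index of /", re.IGNORECASE)


def classify(status, body):
    """Return 'LISTING', 'BLOCKED' or 'OTHER' for one HTTP response."""
    if status == 200 and LISTING_RE.search(body):
        return "LISTING"  # auto-generated index page is still being served
    if status in (403, 404):  # Apache sends 403 with indexing off; the post describes a not-found page
        return "BLOCKED"
    return "OTHER"  # e.g. 200 from an index file placed in the directory


def fetch(url, timeout=10):
    """GET url and return (status, first 4 KiB of body) without raising on 4xx/5xx."""
    req = urllib.request.Request(url, headers={"User-Agent": "index-check/1.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read(4096).decode("utf-8", "replace")


def audit(base_url, fetcher=fetch):
    """Map each path to its classification; fetcher is injectable for offline runs."""
    base = base_url.rstrip("/")
    return {path: classify(*fetcher(base + path)) for path in PATHS}


# Constructed sample responses (not captured from a real site).
SAMPLE = {
    "/wp-content/": (200, ""),  # non-listing body, e.g. an index file in the directory
    "/wp-content/uploads/": (200, "<html><head><title>Index of /wp-content/uploads</title></head>"),
    "/wp-content/plugins/": (403, "<h1>Forbidden</h1>"),
    "/wp-content/themes/": (404, "<h1>Not Found</h1>"),
}


def sample_fetcher(url):
    return SAMPLE[url.split("example.test", 1)[1]]

if __name__ == "__main__":
    for path, verdict in audit("https://example.test", sample_fetcher).items():
        print(f"{verdict:8} {path}")
```

Call `audit("https://your-own-site")` with the default fetcher to run it against a site you administer; any path still reported as `LISTING` needs No Indexing applied to it.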
As always, with WordPress, be safe!
JItendra says
wow! It’s really working!
Bob Dunn says
very cool
Joseph says
Hi Bob,
Many thanks for this information, concise and to the point. Works like a charm.
Bob Dunn says
Glad it was helpful
Steven says
Hey Bob,
Thank you so much for this. I am extremely happy that I came across this page, as WP sites get hacked all the time. I have even added a .htpassword file in the root of the installation with a hash of the username and password to protect the wp-admin folder as well.
Thank you sir!
Bob Dunn says
Yeah, those hackers tend to love vulnerable WordPress sites 🙁
And a very nice added touch… cheers!
Muhammad Minhazul Haque says
Tiny but very useful. Thanks friend.
ppt says
thank you a lot for this tip, it helped a lot
Shoeb says
Bob, you have given the very useful and necessary information that every WordPress must know. We never think about these things but when something goes wrong then discover. Thanks for posting this valuable article and I hope you will post such great articles in future too.
Bob Dunn says
Thanks Shoeb. The more you can do, the better 🙂
sid says
I almost gave all my paid content for free. Thanks so much. It works.