I have checked many wp sites recently and they allow to access the file from the include folder and they show error message on it
Path is
wp-includes/customize/class-wp-customize-background-position-control.php
Error message
Fatal error: Class 'WP_Customize_Control' not found in /home4/pcc/public_html/project/autosite/wp-includes/customize/class-wp-customize-background-position-control.php on line 1
Ideally it should not be accessible directly
I have used this in my htaccess but still same error
Options All -Indexes
Also they are crawling in google.
The de-index job will not work because it's a well-known file in all WordPress installation and Options -Indexes did not prevent users to access this.
Place a .htaccess file in wp-includes folder with below content. It's will return 403 status code when someone try to access .php file in wp-includes folder and its subfolders.
<Files *.php>
deny from all
</Files>
Related
OK, so pls don't kill me, I'm not an expert, yes I have read loads of comments and forums and not sure it would be possible.
I have a WordPress site that is running on litespeed. I have wordfence and ithemes installed and my firewall is turned on, yet somehow a hacker created a .tmp folder with fake png inside containing executable code. The code could not run because of wordfence, but I would like to prevent them from creating the .tmp folder in the first place.
That lead me thinking, is is possible, in my public_html .htaccess, to list my files and folders that in the root directory, and to allow, and to deny all from everything not on the list. Theoretically then they should not be able to create any new file or folder and if they do, it would deny?
Example
Folders on whitelist:
wp-includes
admin
etc.
Files on whitelist:
index.php
wp-config.php
Would look like this
# Deny access to files & subdirectories
Order Allow,Deny
deny from all
<Files *.*>
deny from all
</Files>
# Allow access to files
<Files "index.php,wp-config.php">
Allow from all
Satisfy Any
</Files>
# Allow access to sub directories
<Files wp-includes,admin/*>
Allow from all
Satisfy Any
</Files>
As per #RavinderSingh13's request:
Allow access the these subfolders only:
wp-admin, wp-content, wp-includes
Allow access the these files only:
.htaccess, index.html, index.php, license.txt, readme.html, wp-activate.php, wp-blog-header.php, wp-comments-post.php, wp-config.php, wp-config-sample.php, wp-cron.php, wp-links-opml.php, wp-load.php, wp-login.php, wp-mail.php, wp-settings.php, wp-signup.php, wp-trackback.php, xmlrpc.php
Update:
This will not work as it will not deny sever side execution. A php script can be made to delete files that are not on the whitelist, and then run with a cron every 5 min. Not ideal but it works.
Here is my folder directory
wordpress
project
html
index.html (html page)
wp-admin
wp-content
wp-includes
etc...
What I want if someone want to access the main directory folder i.e. project folder for example ( domain.com/project ) it redirect to wordress 404.php .htaccess
To ensure the server finds your 404 page, add the following line to your .htaccess file:
Deny from all
ErrorDocument 404 /page-404.html
Check the docs on Codex: Creating an Error 404 Page
Maybe help plugin:
http://wordpress.org/extend/plugins/private-files/
You need to create an .htaccess file in the directory you want to restrict. Then you will deny access to your directory and redirect redirect all "403 forbidden" request to a 404 page adding this lines to the .htaccess file:
Deny from all
ErrorDocument 403 /404
This are the only lines you need to include in this file.
I wanted to make a new folder with cPanel that is publicly accessible so I inserted some config into .htaccess file. However, when I try to access a file in this folder I get the following permission error:
The subfolder is called "form_surat".
Below is a screenshot of the contents of my .htaccess file.
Below is a screenshot of my cPanel configuration.
i don't know anything at all about .htacces
so can you make it simple coding to how accesing file in new subfolder
and this is a subdomain from wordpress
Options -Indexes will prevent public browsing of the folder's files by everyone. Add this line to set a default index file with the following
DirectoryIndex index.html index.php
You'll need to create an index.php file.
My all wordpress pages suddenly start to show a 404 error which can be fixed by going to settings->permalinks and saving to re-create the htaccess files. However, within minuets the admin area is inaccessible giving a "too many redirects" issue. The only way to access the admin area is to delete the .htaccess file via ftp. This was not happening until I have set password protected directory.
In your main .htaccess file for WordPress add at the top the following code to fix the redirect loop error:
ErrorDocument 401 default
In your admin .htaccess file for WordPress add the following code to ensure that front end Ajax continues to work:
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</Files>
While accessing my WordPress website, I got directory listing error. I can access the site using http://example.com/index.php but not when I use http://example.com. I also tried put the .htaccess file in the directory. I had following code in my .htaccess file.
#BEGIN WordPress
#END WordPress
DirectoryIndex index.php
I solved it... If any want to change your site path not having access to control panel in your db go to the wp-options table change your site url link to http://www.example.com to the http://www.example.com/index.php