
WordPress Directory Listing Risk

Submitted on June 11, 2009 – 11:36 pm

A large number of WordPress directories do not have an index file. This is particularly dangerous in the case of the plugins directory. If your server allows directory listings, a potential attacker may see which plugins you have installed. Most plugins have security vulnerabilities. One way of fixing this is to add the following line to the .htaccess file in the Web server’s root (htdocs):

Options -Indexes

Another approach is to put an index file in each folder on your site that does not already have one. You can have this index file redirect the visitor back to the main page of your site. Create the /wp-content/index.html with 644 permissions and the following content:

Now you can create a link in all directories under wp-content pointing to this index file. Thus, if you need to change this file in the future, you only need to modify one file. The script below will help you create the links from the wp-content directory:


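# Apache serves these links only with FollowSymLinks or SymLinksIfOwnerMatch.
cd "${HOME}/public_html/wp-content" || exit 1

if [ ! -f index.html ]; then
        echo '' > index.html
        chmod 644 index.html
fi

find . -type d | while read -r dir; do
        # Link only where no index.html or index.htm entry exists yet
        if [ "$(ls "${dir}" | grep -Ec '^index\.html?$')" -eq 0 ]; then
                ln -s "${HOME}/public_html/wp-content/index.html" "${dir}/index.html"
        fi
done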
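
A way to verify either fix, as an added example that is not part of the original post: it lists directories that still lack a usable index file (including ones whose index.html link is dangling) and checks an .htaccess file for the Options -Indexes line. The function names, the constructed sample tree and the assumed DirectoryIndex names (index.html, index.htm, index.php) are illustrative.

```shell
#!/bin/bash
# Added example (not from the original post): audit for listable directories.
# Assumption: Apache's DirectoryIndex is index.html, index.htm or index.php.

# Print each directory under $1 with no usable index file. [ -e ] follows
# symlinks, so a dangling index.html link is reported as exposed too.
list_exposed_dirs() {
    find "$1" -type d | sort | while IFS= read -r dir; do
        exposed=yes
        for name in index.html index.htm index.php; do
            if [ -e "${dir}/${name}" ]; then exposed=no; fi
        done
        if [ "${exposed}" = yes ]; then printf '%s\n' "${dir}"; fi
    done
}

# Succeed if the .htaccess file $1 contains an "Options" line with -Indexes.
listing_disabled() {
    grep -Eiq '^[[:space:]]*Options[[:space:]].*-Indexes' "$1" 2>/dev/null
}

# Constructed sample tree: one covered dir, one bare dir, one broken link.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/plugins/covered" "$t/plugins/bare" "$t/themes/stale"
    echo '' > "$t/index.html"
    ln -s "$t/index.html" "$t/plugins/index.html"
    ln -s "$t/index.html" "$t/plugins/covered/index.html"
    ln -s "$t/index.html" "$t/themes/index.html"
    ln -s "$t/missing.html" "$t/themes/stale/index.html"   # dangling link
    printf 'Options -Indexes\n' > "$t/.htaccess"
    printf '%s\n' "$t"
}

tree=$(make_sample_tree)
echo "Directories with no index file:"
list_exposed_dirs "${tree}"
if listing_disabled "${tree}/.htaccess"; then
    echo ".htaccess disables listings"
fi
rm -rf "${tree}"
```

To audit a real site, call list_exposed_dirs with the path to wp-content and listing_disabled with the path to the .htaccess file in the Web server's root.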