- This topic has 14 replies, 3 voices, and was last updated 11 years ago by
.
-
Posts
-
hi
Does anyone know if adding a blank index.html to a genesis child theme would cause an issue?
This would go in wp-content/themes/minimum-pro or whichever child theme is being used
I want to block browsing of the directory - WP standard just works with a blank index.html
Tried using .htaccess Options -Indexes
But this causes a 404 error for wp-content/themes/minimum-pro - which is weird as wouldnt expect to see a 404 page error when blocking directory level access
Thanks
An index.php will work but not for what you want to do.
Block browsing of what directory?
Hi
Thanks for the reply
I dont want to add index.php - i want to add index.html - but i guess that work work in Genesis
To block browsing of wp-content/themes
http://www.thesitewizard.com/apache/prevent-directory-listing-htaccess.shtml
I would happily use htaccess - the block works however it creates a 404 page redirect error for wp-content/themes/mychildtheme - this is not how it should work
Thanks
You could then add this to your .htaccess file after this:
Options -Indexes
ErrorDocument 404 http://example.com/your-redirect
ErrorDocument 403 http://example.com/your-redirectSource http://wordpress.org/support/topic/how-do-i-stop-people-viewing-my-wp-content-folder#post-281523
You don't want to put a blank index.php in your child theme directory, that would cause problems, as you've already discovered 🙂
As Brad said, just including the "Options -Indexes" in your .htaccess will do the trick for all directories, not just your WordPress ones.
Now, how old is your WordPress installation? The WP base install has included a mostly empty index.php in the wp-content, wp-content/plugins and wp-content/themes folders by default since about WP 3.3, maybe earlier, so if your folders don't have those index.php files (containing nothing but a "Silence is golden" comment), then you have a really old original WP installation.
WordPress / Genesis Site Design & Troubleshooting: A Touch of Summer | @SummerWebDesign
Slice of SciFi | Writers, After DarkHi
Thanks all - @Brad will retry this later and a redirect rule to the .htaccess rule
I have a weird redirect chain issue with the genesis child theme to resolve first
mysite.com/wp-content/themes/minimum-pro
Is redirecting to
mysite.com/wp-content/themes/minimum-pro/Note the trailing slash in part 2. No idea why theres a redirect chain as nothing on the server that's causing this. It's the first time I have seen this with any of my Genesis Sites.
@Summer - hey hope your well?
Its WP3.9 - all the WP base install does have the empty index.php its the Genesis child themes that don't - so assume this is genesis specific
Hi Sam! Long time no chat 🙂
So, why do you think appending the trailing slash is an error? It's not a redirect and it's not an error, and it's not unique just to Genesis or WordPress. You won't see it on URLs that end in a file name, like resource.php or about.html or contact.asp, but you will find it happening on most systems that permalink systems that don't end in filenames (like index.html or index.htm) (see the URLs of the topics of this forum, for instance).
File names: no trailing slashes. Directories or articles, yes trailing slashes. It's actually defined in the RFC for URI syntax (RFC 3986, but it's clearer for non techies to read the Wiki page)
This means it's the equivalent of internet law to have them normalize, and apparently, it's also a thumbs-up for SEO to have trailing slashes on non-filename URLs (I did not know this part until just now) because Google's Matt Cutts tells everyone it's better for them that way (or something). 🙂
Now for the other part...
The child theme directories will never have that blank index.php, because that's what directs the content of your website behavior... it literally cannot have an empty index.php because it will override the framework's index.php.
If you were using a standalone theme, you'd see that the index.php in there drives the content... same thing for Genesis and the child themes... the framework's index.php drives the content, but the child theme's index.php would override the framework's. I would also think this isn't unique to other WordPress frameworks, but I haven't played with any other ones in any great detail, so I can't say for certain.
See the WordPress Codex page on template hierarchy for more details.
So if you put a blank index.php in a Genesis child theme directory, it's like slamming your car into reverse at 60mph... everything crashes 🙂
WordPress / Genesis Site Design & Troubleshooting: A Touch of Summer | @SummerWebDesign
Slice of SciFi | Writers, After DarkHey Summer
Thanks for the detailed reply 🙂
No issue with having a trailing slash, I expect it to be there... I do have an issue that there's a redirect chain in place..
If you wanted to take a look in gmetrix.com you can see it being reported - its my primary business site that you know 🙂
mysite.com/wp-content/themes/minimum-pro
Is redirecting to
mysite.com/wp-content/themes/minimum-pro/Can't understand this...have checked all other client sites and cant see this happening anywhere else
Thanks for the explanation re index in genesis child themes - I will use htaccess.
Cheers
The rewrite is happening automatically, but you shouldn't be seeing it as a redirect... so where are the links to that folder without the trailing slash coming from?
That has to be linked from somewhere without the trailing slash, or else it wouldn't be getting visited to be rewritten... that's the part that I'm having trouble wrapping my brain around... no one should be visiting that folder directly that's legit.
Funny thing is, ever since I started using the Redirection plugin to take care of some of my really old 404s, I've noticed just how many URLs potential hackers are trying to visit on many of my sites, looking for timthumb in various plugins and themes that aren't even on my sites, looking for particular outdated plugins and themes by searching for specific readme files for those themes, it's nuts. I can't tell you how bombarded 2 of my sites are by asshats searching for raw FCKeditor installations or old forum admin pages that were never on those sites to begin with.
I swear if all those folks used their powers for good instead of searching for ways to hack websites, they would have collectively cured cancer, produced viable manned spaceflight to Mars and back, and maybe even solved Riemann's Hypothesis.
WordPress / Genesis Site Design & Troubleshooting: A Touch of Summer | @SummerWebDesign
Slice of SciFi | Writers, After DarkHi
No cant get my brain round it either - have gone through the entire server twice - restored the site from a backup - still seeing that redirect!!!
The rewrite is happening automatically, but you shouldn’t be seeing it as a redirect… so where are the links to that folder without the trailing slash coming from?
I cannot find any links to that folder without the trailing slash!
That has to be linked from somewhere without the trailing slash, or else it wouldn’t be getting visited to be rewritten… that’s the part that I’m having trouble wrapping my brain around… no one should be visiting that folder directly that’s legit.
Agreed - that folder should not be seen at all without the trailing slash...i'm going to have to find a way to search for it in the entire database
LOL re hacking - yes, security hardening is critical these days - don't trust your hosting provider - do it yourself. Yes wasted energy..its the same in the SEO world - negative SEO is the new black! 🙂
Try looking at the raw access logs, see if it shows up in there, and if they do, you should also be able to get referrer info from those entries, find out where they're coming from.
Do you have your plugins and themes directories disallowed in your robots.txt?
My sites are as locked down as they can be on shared hosting... thing is, without implementing some extremely extensive additions to .htaccess to silently deny or redirect attemtps to access files that don't exist on my sites, there's nothing effective that can be done. The larger your .htaccess is, the slower your site gets, plus there's no way to prevent other people from trying to access common location urls for vulnerable scripts and plugins and themes. They are literally fishing, and it's not that hard to program a crawler with potential vulnerable script locations and unleash it on a few thousand websites, then analyze the results afterwards, see if any domains would warrant a second phase of deeper probes and attacks.
I've even seen people trying to access .old or .bak versions of wp-config, or leftover .tar.gz or .zip files for complete site backups... people actually leave those files on their sites? If so, there really needs to be a security basics class or tutorial series out there that everyone should make sure their friends read before wanting to set up a website 🙂
WordPress / Genesis Site Design & Troubleshooting: A Touch of Summer | @SummerWebDesign
Slice of SciFi | Writers, After Dark@samw, if those private replies are for me, I can't see them... only you and forum admins/moderators can read those.
Go ahead & shoot me an email 🙂
WordPress / Genesis Site Design & Troubleshooting: A Touch of Summer | @SummerWebDesign
Slice of SciFi | Writers, After Dark
- The forum ‘General Discussion’ is closed to new topics and replies.