Prevent Directory Browsing On Your WordPress - Hackers Love Directory Browsing

Prevent Directory Browsing On Your WordPress - Hackers Love Directory Browsing | WP Learning Lab

Рет қаралды 31,605

Күн бұрын

🔥Name Your Own Price🔥 for the 11-Point WP Security Checklist Smart PDF: wplearninglab....
Code from the tutorial:
BEGIN Directory Browsing Block
Options -Indexes
END Directory Browsing Block
In this tutorial I show you how to stop hackers from seeing which plugins and themes you have installed on your WordPress site. When hackers know what you have installed they also know what vulnerabilities you have on your site.
That makes it easier for them to hack your site. So for your WordPress security make sure you stop directory browsing.
So let's put that code into your .htaccess file.
First login into your hosting account cPanel. Then find and click on the File Manager icon and choose the Document Root for the website that you are hardening. This will open the root of the website in another tab.
You can also log into the website root using FTP if you are more comfortable with that.
If you do not see a .htaccess in the website right then you can make one by clicking Add New File in the File Manager or right-clicking and choosing Create New File via FTP.
Open the .htaccess file and paste the code from above into it. There is no need to make adjustments to the code. Once pasted in just save the file and you're done. This is an easy way to begin hardening your WordPress site.
I hope this information helps you! If you have any questions leave a comment below or ping me @WPLearningLab on Twitter.
--------------
If you want more excellent WordPress information check out our website where we post WordPress tutorials daily.
wplearninglab.com/
Connect with us:
WP Learning Lab Channel: www.youtube.com...
Facebook: / wplearninglab
Twitter: / wplearninglab
Google Plus: google.com/+Wpl...
Pinterest: / wplearninglab

Пікірлер: 86

@Mystic68four 9 жыл бұрын

As a beginner and learning how WP works, All your videos have been the most useful resources I have ever had! I really appreciate your hard work! Thank you!

@wplearninglab 9 жыл бұрын

+Mystic68four Awesome! Thanks for the great feedback and thanks for watching :-)

@SamBassComedy 4 жыл бұрын

You're the first person to do this right that I used. I tried other ways and it broke my site. This works perfectly, thank you! Subscribed!

@wplearninglab 4 жыл бұрын

I'm happy it worked for you and thanks for subscribing! Much appreciated :)

@osvaldowesly9993 Жыл бұрын

All Bjorn tutorials are excellent

@wplearninglab 9 жыл бұрын

[VIDEO] Prevent directory browsing on your WordPress - Hackers love directory browsing kzbin.info/www/bejne/f5LUkmufls2srZI #WordPress #tutorial

@Gracence322 4 жыл бұрын

Thank you Thank you Thank you! I appreciate you putting all of this in layman's terms for those of us who don't have a clue! Great tutorial!

@urbancowboy199 4 жыл бұрын

This video really helped me lock down my directories! THANK YOU! Just a side note though, with Bluehost when I log into my CPanel, there is an option called Indexes, and through this interface, it makes these modifications for you. :)

@wplearninglab 4 жыл бұрын

Hi James, I didn't know about that feature in Bluehost! That's a good time saver. Thanks for sharing!

@urbancowboy199 4 жыл бұрын

Absolutely! I didn't either until I watched another video on how to lock down these Wordpress sites. Lots of good info out there; glad I could help :)

@TheKiwiCoder 3 жыл бұрын

After adding Options -Indexes it does prevent directory listing, but I can't access the rest of my site either, like the main domain or any subpages. Any ideas how to fix that?

@artkiko4460 5 жыл бұрын

Super Helpful and very well explained. thanks. it's insane that wordpress or hostgator don't set this up by default or even tell you about it when doing a new install.

@wplearninglab 5 жыл бұрын

I agree, there's a lot of things they don't tell you. That's the price of using open source software.

@artkiko4460 5 жыл бұрын

@@wplearninglab true. hey, i'm trying to tackle my media folder and the huge number of generated images i get. i can't stand the bloat! i see a lot of articles and videos on how to prevent wordpress from generating different image sizes but i can't seem to find anything to help me determine what the ESSENTIAL sizes are that i should keep. i'm using woocommerce only (no blog) on flatsome theme. do you have any tips on how i can figure this out? thanks.

@snowman_web_design_development 3 жыл бұрын

Your videos are fantastic. Great info!

@wplearninglab 3 жыл бұрын

Thanks and thanks for watching!

@JonathanStrange 4 жыл бұрын

Does this not harm your Search Engine Optimization?

@RohBawa 9 жыл бұрын

Awesome videos on you channel, keep up the good work. Thanks.

@wplearninglab 9 жыл бұрын

+Rohit Bawa Thanks Rohit. I plan to keep it up :)

@karismachica5177 9 жыл бұрын

Thank You So much! Your Videos are helping me so much!

@wplearninglab 9 жыл бұрын

+Karisma Pooja You're welcome Karisma. I'm glad you like them!

@NetPwn 9 жыл бұрын

Great tutorial, much appreciated thank you.

@wplearninglab 9 жыл бұрын

+NetPwn You're welcome. Thanks for the comment!

@nachos1331 9 жыл бұрын

Thank you for everything! Just curious, does this affect SEO rankings? Thanks again

@wplearninglab 9 жыл бұрын

+David K Hi David. It shouldn't affect SEO ranking because search engines rank pages on your site, they don't rank content in your plugin or theme directories. Thanks for your comment!

@firstvideo6339 5 жыл бұрын

Hey dear, nice tutorial, but don't you think /wp* will effect on website's seo??? if even google crawlers can't find our web's wp all folders access then would it be OK? pls clarify

@firstvideo6339 3 жыл бұрын

@Coming Games yes..but he didnt reply. So, I dont know the exact answer.

@glitterbrushpainting 3 жыл бұрын

Great tutorial, thanks 👍

@sophieberg3634 5 жыл бұрын

This is so great, thank you so very much. It is very helpful.

@dullknife01 4 жыл бұрын

Thank you very much for all your videos. I would know if when we disallow google robots scanning our content directory our site won't be forgotten for referencing .... To be referenced and well ranked is important for all of us

@wplearninglab 4 жыл бұрын

Hi Steve, The directories we block in this video don't need to be indexed or ranked by search engines. What you need ranked are pages, posts and sometimes custom post types. Blocking directory browsing won't affect that. I hope that helps, let me know if you have any further questions. Thanks for watching!

@MostCommentsAreFake-ud8by 4 жыл бұрын

@@wplearninglab - Hi, does Google use the name of the custom post type. As my current CPT names are nothing to do with the subject of my website ? Cheers for all the knowledge.

@longbeach225 3 жыл бұрын

Awesome. This works for me.

@ahmedbakhach2490 4 жыл бұрын

Thank you very much but any can still have access to these files through the developer tools in google chrome form example or firefox...

@mrtipsfun6441 5 жыл бұрын

Wow Great Boss

@wplearninglab 5 жыл бұрын

Thanks and thanks for watching!

@brandonbailey7118 9 жыл бұрын

great video very useful thanks

@wplearninglab 9 жыл бұрын

I'm glad you found it useful Brandon!

@aniketjoshi7518 5 жыл бұрын

Love you man

@siddharthraj7531 5 жыл бұрын

Always appreciated ❤❤❤❤❤

@wplearninglab 5 жыл бұрын

Thanks Siddharth, and thanks for watching!

@ankushverma270 4 жыл бұрын

My web hosting uses litespeed server. Will above .htaccess code work for me. Can url removal in google search console be alternative to it??

@philbertmill2 5 жыл бұрын

Thank you!!

@wplearninglab 5 жыл бұрын

You're welcome, thanks for watching! Let me know if you have any questions :)

@syedwajahatali2020 2 жыл бұрын

HI, You taught method of preventing directory browsing for Apache webserver but what if our website has open lite speed server pls tell me code for this condition as well

@cgworks 3 жыл бұрын

Thank you for the tutorial it really helps lost. please help with one thing I used the same code but it not showing a blank page it showing Error 403 - Forbidden You don't have permission to access the requested resource. Please contact the web site owner for further assistance. please help

@trictreat1205 5 жыл бұрын

Thanks so much

@mdshohag6644 6 жыл бұрын

Many Many Thanks to you

@wplearninglab 6 жыл бұрын

You're welcome, thanks for watching!

@BeyondTshirts 9 жыл бұрын

And thank you once again!!!!!

@wplearninglab 9 жыл бұрын

workwithksmusselman You're very welcome! I'm glad I can help :)

@rianhasiando 5 жыл бұрын

Nice video, thanks

@wplearninglab 5 жыл бұрын

You're welcome Rian, thanks for watching!

@WahjoeGunawan 3 жыл бұрын

Hallo, I am using vps and debian nginx (installed by other) and can not find htaccess. I have checked that in nginx no htaccess installed. do you have any solution to protect web as we you use htaccess ? thank you

@xenderxxx8994 5 жыл бұрын

love you bro u save me .. thanks a lot

@wplearninglab 5 жыл бұрын

You're welcome, I'm glad I could help! Thanks for watching and let me know if you have any questions :)

@osherezra131 5 жыл бұрын

Hey Thanks A lot appreciate, one question how can I remove all the wp folders listed in the "sources" panel in google dev tools ? any Idea? cheers

@OdirlonHerartt 9 жыл бұрын

Very thanks! save my life.. =)

@wplearninglab 9 жыл бұрын

***** You're welcome Odirlon, glad this video helped!

@AAlani-uz4gm 5 жыл бұрын

Wouldn't that cause issues with Google mobile score because it will prevent WP from outputting CSS & JS Files inside wp-content/plugins?

@anonymous_00 4 жыл бұрын

Please make a video to setup wp-robot plugin

@davidromelus7121 5 жыл бұрын

Hi, I left a messaged before stating that It didn't work for me. It did work. It took a little time. but I do have another question. I change the admin name. Do I have to change something in the code to?

@mauwiks 6 жыл бұрын

Hi Bjorn, I'm confused about how to redirect user login/registration to a custom page. Do you have any video for this? Thanks ahead

@wplearninglab 6 жыл бұрын

Hi Mauwiks, I don't have a video for that yet, but this plugin should do it: wordpress.org/plugins/redirect-after-login/ I hope that helps and thanks for watching!

@mauwiks 6 жыл бұрын

@@wplearninglab I mean the login_url

@wplearninglab 6 жыл бұрын

Sorry for the delay in responding. I'm still not 100% clear, do you mean you want to change the login URL or redirect after someone logs in?

@mauwiks 6 жыл бұрын

@@wplearninglab I mean, I would like to change my default login (kindtechgroup.net/wp-admin) into my customized page located at kindtechgroup.net/login. This is not like renaming the wp-admin or wp-login.php. It's changing the default URL, and then redirecting the old "available" /wp-admin into the new login "custom page" /login

@iznasen 4 жыл бұрын

But I think they'll still be visible through the dev tool?

@AhsanGhafoor-fy6ld 7 жыл бұрын

hi on my site the robot file existed, it said the following User-agent: * Disallow: /wp-admin/ Allow: /wp-admin/admin-ajax.php should i do your way or shall i leave it like above, or change it like the following?? User-agent: * Disallow: /wp*

@wplearninglab 7 жыл бұрын

+Ahsan Ghaf Hi Ahsan, I think you can leave it like above. Access to the Ajax file Mary be required for something I don't know about. You could consider adding Disallow: /wp-includes/ I hope that helps and thanks for watching!

@AhsanGhafoor-fy6ld 7 жыл бұрын

Thank you

@wplearninglab 7 жыл бұрын

No problem. Glad to help. Thanks for watching!

@silverdicer 6 жыл бұрын

Is this still working ?, I've tried adding the Options -Indexes but unfortunately not working for me.

@wplearninglab 6 жыл бұрын

As far as I know it's still working, I'll put it on my list to test.

@silverdicer 6 жыл бұрын

Ok great and thank you for all the fantastic videos, it's much appreciated :)

@silverdicer 6 жыл бұрын

For some strange reason I'm not getting the 'white page' unfortunately..when testing I went to a specific plugin folder and it had a link back to their website. Thank you so much for all the great videos, they really are a great source of valuable information, it is much appreciated :)