A question I see pop up from time to time in the WordPress Support Forum is how do I stop people from viewing my plugins folder? There are several ways to go about this - all of them easy.
The first method involves placing an empty index.HTML file in EACH folder you want to protect. If you prefer you can include a brief message in that file rather than using a blank one. Two important things to remember when using this method:
- You'll have to place the file in EACH folder you want to protect. It will not shield subfolders.
- Be sure NOT to use a blank PHP file in the plugin directory - it will bork the dashboard. That is why I suggest using a blank HTML file. And if you're going to use a HTML file in the plugin directory you may as well use them everywhere else.
The next two methods involve the use of a .htaccess file.
Method a: This is the easiest method of all. Add the following line to the .htaccess file that lives at root...
Options -IndexesThis will automagically turn off indexing for ALL folders/subfolders sitewide. If you add that line to a .htaccess file in wp-contents it will disable indexing not only for that folder but for the folders below it and so forth.
Method b: Add the following line to the .htaccess file that lives at root...
IndexIgnore *The * matches all files in the directory. What is the difference between the two? Method b allows you to restrict only a subset of files from being viewed. For example, let's say for some reason you want the directory content to be viewable but block image files. You would do this...
IndexIgnore *.gif *.png *.jpgFor more .htaccess goodness check out Stupid htaccess Tricks by Perishable Press.
About Len Kutchma
I usually use the index.html in all folders, dont forget image and css folders as well.
"...dont forget image and css folders as well."
Yes. That's why I said to place it in each folder - it will not shield subfolders.