To prevent someone from viewing the indexes you have, in particular the wp-includes directory, you need to edit the htaccess file. We show you how to go through the process in this video. The code used comes from the website www.splashnology.com/blog/wordpress/921.html.
Select the link below to watch a high definition version of this video
[S3VIDEO file=’public/liveanswers/LA12-27-10a-protect-wpincludes-directory.mp4′ bgimage=’https://www.byobwebsite.com/wp-content/uploads/2012/10/LA12-27-10a-protect-wpincludes-directory.jpg’ displaymode=’overlay’]
Oh protect directories on your server. And so, I guess this is it here. And so if we look at this yoursite.com/wp-includes, so if we do this… say wp-includes. So here we have in the wp-includes folder, the entire list of all of the files in our wp-includes. I wonder if the same thing happens with wp-content. It does not happen with wp-content but it certainly does with wp-includes. It’s not going to be in wp-admin because that takes us directly to our login.
So wp-includes is the one that’s affected by this. And if we come back over to… okay, we can get out of that and that and log out of there. And then, so what this is saying is that in order to prevent somebody viewing the contents or indexes, what we’ll do is we add this to our htaccess file – so solution, edit the access file again. Okay, so copy this and I gotta log in again. It was just Firefox having problems.
So now what we’re doing is we are going to open up the htaccess file for banner1 and so we’ll go back to file manager and banner1 and scroll down here to our htaccess, slide it there at the top or down at the very bottom. Isn’t that interesting? So I don’t have an htaccess set up in this directory unless I’m missing it here. No, it doesn’t appear as if I do have one in this directory so I could create one. Let’s go all the way to the root. So up one level, all the way to the root and see if I will find my htaccess file here…you know what, I think this is actually preventing…this isn’t letting me see the htaccess file in this file manager. So I guess we have to do it from Filezilla.
Okay, so if we go to banner1, actually let’s just do it like in estore10. And let’s see… got in WordPress and then look for HT access file here. HT access and then the root to this, okay. So now in this case, so this was estore10 so here if instead we go to www.estore10.byobtutorial.com/wp-includes okay so this also displays all that stuff. So what we want to do is make it so it doesn’t display that, we go back to Filezilla and we open it. Actually, that’s not readable. Open it up in NetBeans instead. So while waiting for this to pop up, actually… okay so are we live now? Almost. What we’re going to do is we’re just going to edit this and add that line to it. So file, open file… websites. And then Tailoring the Web, no. It’s byobwebsite, tutorial sites, estore10, WordPress… there’s the htaccess file. Okay, and so what he wants us to add to this is this Options All – Indexes so we’ll go back to that and just after WordPress, Options All – Index… we save that. We upload it and go ahead and overwrite and we come back over to the site and we refresh it. And now it doesn’t let you in. So that’s a way of hiding these directory listings. You know, I don’t really know how easy it is to exploit that but it is… but this is a solution to it. And so once again, I want to say this is at www.splashnology.com/blog/wordpress/921.html.