server file system path showing through browser from theme directory

  • Resolved dancer

    (@dancer)


    17 years, 4 months ago

    As I was reading this current thread, http://ww.wp.xz.cn/support/topic/231693 , I noticed that if you click on the theme directory link, anyone can view what themes you have uploaded, and then further, if you click on a theme folder, an error message will show through the browser which contains the file system path from your server.

    This is a privacy issue as a Web site owner may not want his server login name to be publicly viewable via the error message displaying something like /home/username/wordpress/wp-content/themes/theme-name/.

    Does anyone know how to make it so that none of these types of error messages show for any possible URL accessing WordPress?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Clayton James

    (@claytonjames)

    17 years, 4 months ago

    I believe one method to prevent that, is to place an entry in your .htaccess file. Place this at the top of the file…

    Options -Indexes

    I think that should prevent casual directory browsing.

    [Edit] 🙂

    Thread Starter dancer

    (@dancer)

    17 years, 4 months ago

    I found that this occurs when in php.ini

    display_errors = On

    On shared hosting, not having access to the main php.ini file, one can put a php.ini file in one’s root www directory with

    display_errors = Off

    and put in the .htaccess file

    SetEnv PHPRC path-to-root

    Thread Starter dancer

    (@dancer)

    17 years, 4 months ago

    P.S. php.ini does not inherit so you’d have to copy the original php.ini and make the changes you want. Also, I guess the php.ini file doesn’t actually have to be in the www directory and probably better not to.

    Clayton James

    (@claytonjames)

    17 years, 4 months ago

    Your concern obviously went deeper than just the casual browsing of directories. Glad you got it sorted out!

    🙂

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘server file system path showing through browser from theme directory’ is closed to new replies.