• WordPress /wp-content/uploads/ directory can be accessed by anyone bothering to access it. Normally it should not be accessible, right? How do we rectify this?

Viewing 14 replies - 1 through 14 (of 14 total)
  • The uploads directory contains images. They show up when your pages/posts are viewed. And they can be accessed and even downloaded. But this is the case with all other CMS, not specific to WordPress. Do you mean this?

    Thread Starter Popseo

    (@chacko)

    I think so. /wp-content/ is not an accessible directory. /wp-content/uploads is. It lists all images/PDFs (as you mention). I was wondering if I had something broken. It was a shock to see it arrive in one of the Google alerts.

    It was a shock to see it arrive in one of the Google alerts.

    Can you post a link, screenshot, or any other way we can see it?

    Thread Starter Popseo

    (@chacko)

    OK, it should not normally appear like that. Can you post your site URL?

    Thread Starter Popseo

    (@chacko)

    Thank you. I am not comfortable posting it openly. Is there any other way?

    Try reinstalling WordPress manually, except wp-content folder.
    http://codex.ww.wp.xz.cn/Updating_WordPress#Manual_Update

    I would take the following steps:

    1. Deny directory listings via your .htaccess file. See this tutorial:
    http://viralpatel.net/blogs/htaccess-directory-listing-enable-disable-allow-deny-prevent-htaccess-directory-listing/

    2. Add a robots.txt file to prevent search engines indexing /wp-content/uploads/, /wp-admin/, /wp-includes/, etc. The WordPress SEO by Yoast plugin has a built-in robots.txt editor.

    Thread Starter Popseo

    (@chacko)

    I re-installed. No change. Please advise. 3 sites are affected; one of the links is mentioned in http://frontierindiatech.com/temp/temp.txt

    Blog junkie, thank you. Hackers will have a field day even if it doesn’t list in searches. I am implementing your suggestion.

    That link looks apparently OK. You may check the other URLs using:
    http://sitecheck.sucuri.net/scanner/

    Note: Need not be 100% accurate. You need to use other tools too to confirm if any infection is reported, and also if you know that infection exists.

    I re-installed. No change. Please advise

    In my view the easiest option will be:
    1. Backup your sites (including database)
    2. Delete all WordPress files
    3. Reinstall WP from a freshly downloaded version
    4. Restore your site from backup.
    5. Test again for problems if any.

    Moderator keesiemeijer

    (@keesiemeijer)

    Create a blank text file titled index.html and upload it to the uploads directory, which is usually /wp-content/uploads/. This prevents the directory being accessible.

    Actually, the uploads directory will still be accessible, although you won’t see the links to the files in it — you’d just see a blank page (your index.html file). But you’d have to add an index.html in every subdirectory in the /uploads directory (which I believe get created based on the date of uploads).

    To stop displaying the links (or allowing access to the uploads directory and subdirectory), put this in your .htaccess file and upload to your website:

    Options -Indexes

    (Note: it’s important not to edit the .htaccess file with a word processing program — a plain text editor like Notepad will do.)

    Thread Starter Popseo

    (@chacko)

    Thank you everyone. I am adding index.html and options -indexes.
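
An added example (not part of the thread and not WordPress code) that audits an uploads tree on disk for the gap described in the replies above: a blank index.html only covers the directory it sits in, while an Options -Indexes line in .htaccess also applies to the subdirectories below it. It assumes Apache with AllowOverride permitting Options, listings enabled by default on the server, and the DirectoryIndex names shown; `htaccess_indexes`, `listable_dirs` and `demo` are hypothetical names.

```python
import re
import tempfile
from pathlib import Path

INDEX_NAMES = ("index.html", "index.htm", "index.php")  # assumed DirectoryIndex names
OPTIONS_RE = re.compile(r"^[ \t]*Options[ \t]+(.+)$", re.IGNORECASE | re.MULTILINE)

def htaccess_indexes(path):
    """True/False if path/.htaccess turns Indexes on/off, None if it says nothing."""
    f = Path(path, ".htaccess")
    text = f.read_text(errors="replace") if f.is_file() else ""
    state = None
    for m in OPTIONS_RE.finditer(text):  # commented-out lines do not match
        toks = [t.lower() for t in m.group(1).split()]  # option names are case-insensitive
        if "-indexes" in toks:
            state = False
        elif "+indexes" in toks:
            state = True
        elif not any(t[0] in "+-" for t in toks):  # absolute form replaces the whole set
            state = "indexes" in toks or "all" in toks
    return state

def listable_dirs(root, server_default=True):
    """Relative paths under root for which Apache would generate a file listing."""
    exposed = []
    def walk(path, inherited):
        own = htaccess_indexes(path)
        state = inherited if own is None else own  # .htaccess settings flow downwards
        if state and not any((path / n).is_file() for n in INDEX_NAMES):
            exposed.append(path.relative_to(root).as_posix())
        for child in sorted(path.iterdir()):
            if child.is_dir() and not child.is_symlink():
                walk(child, state)
    walk(Path(root), server_default)
    return exposed

def demo():
    """Constructed uploads tree: root index.html only, then with .htaccess added."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "2013", "04").mkdir(parents=True)
        Path(root, "index.html").write_text("")
        before = listable_dirs(root)  # the dated subdirectories are still listed
        Path(root, ".htaccess").write_text("Options -indexes\n")
        return before, listable_dirs(root)

if __name__ == "__main__":
    print(demo())
```

Run `listable_dirs` against a local copy or the server-side path of wp-content/uploads. Neither measure restricts access to a file whose URL is already known; both only stop the server from generating the listing.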


The topic ‘wp-content/uploads/2013/04/ can be seen’ is closed to new replies.