Direct File Access Call Prevention for Directory Starter and its child themes.

This topic contains 18 replies, has 4 voices, and was last updated by  Stiofan O’Connor 7 years, 3 months ago.

We have moved to a support ticketing system and our forums are now closed.

Open Support Ticket
  • Author
    Posts
  • #392036

    Ephrem Asrat
    Free User
    Post count: 21

    I would like to know if it’s NOT good, if I modify the index.php file to prevent direct file access call on browsers using the default known wordpress directory.

    This is one of the Error, Just add this to your site:-
    https://www.YourWebsiteName.com/wp-content/themes/directory-starter/

    Fatal error undefined function get_header() in index.php on line 1

    I tested the fix code:

    
    
    <?php
    
       if (function_exists('get_header')) {
        get_header();
      } else {
        $url = "/";
        header("Location: " . $url);
        exit();
    
    get_header();

    OR THIS CODE

    
    
    <?php
    
    if ( ! defined( 'ABSPATH' ) ) {
    	exit;
    }
    
    get_header();

    IT WORKS But Another Error comes at another line.

    So Is that ok to continue with these errors?

    #392037

    Guust
    Moderator
    Post count: 29970

    Can you not just turn off directory browsing at the server level?
    Or install WP admin in another folder: https://codex.wordpress.org/Giving_WordPress_Its_Own_Directory ?

    Thanks

    #392038

    Ephrem Asrat
    Free User
    Post count: 21

    Guust

    Changing the directory of the WordPress doesn’t help to hide the site structure from scanning. In fact the server level site structure prevention might a help a lot, and I even tried to do so using .htaccess override. But I think overriding is disabled for security reasons on shared hosting, and that is the bad side of shared hosting, but I am thinking to tell the hosting provider for help. And I am hoping this is the only solution.

    And I was also expecting another solution, if you guys have a solution regarding coding. So I will try the server side modification.

    Thank you.
    Ephrem

    #392119

    Stiofan O’Connor
    Site Admin
    Post count: 22956

    Hi Ephrem,

    I would not worry about it, almost every WP site is like this and has no problems.

    Stiofan

    #392132

    Ephrem Asrat
    Free User
    Post count: 21

    Stiofan

    Yes most of WP sites are like this including the showcase sites in GeoDirectory websites. I scanned mine and their website too. But That means the theme or plugin is outdated even it’s working and profitable, it needs to be updated. I still like your Core Plugin from the beginning of the time I read the blog recommendation post about directory themes and plugins.

    But If I care about clean coding, you have to clean for the satisfaction of your new and old customers.

    So far So good! I hope I will be your real partner in the future from my country.

    Thank you 🙂
    Ephrem F. Asrat

    #392173

    Stiofan O’Connor
    Site Admin
    Post count: 22956

    I am not sure what you are asking?
    I think you are asking to add a check to the theme index.php for some reason?

    Non of the WordPress default themes do this, and i think they know what they are doing…
    https://github.com/WordPress/WordPress/blob/master/wp-content/themes/twentyseventeen/index.php
    https://github.com/WordPress/WordPress/blob/master/wp-content/themes/twentysixteen/index.php
    etc..

    Thanks,

    Stiofan

    #392188

    Ephrem Asrat
    Free User
    Post count: 21

    Stiofan

    I am not confused. I am just asking to have a clean code if it is possible. But if that is just fine fine and free from vulnerability, I am cool.

    Thank you
    Ephrem F. Asrat

    #392197

    Stiofan O’Connor
    Site Admin
    Post count: 22956

    There are no problems.

    Stiofan

    #392253

    Ephrem Asrat
    Free User
    Post count: 21

    Yes there is. Trust me. If you allow me, Let me use all add-ons without paying any penny.

    #392277

    Stiofan O’Connor
    Site Admin
    Post count: 22956

    At this point i really have no idea what you mean or are on about, sorry…

    Stiofan

    #392330

    Ephrem Asrat
    Free User
    Post count: 21

    One can see site structure using different methods, but errors like I mentioned above is one of the way that reveals the site structure. So one can get a hint to scan the whole site with best scanning software and steal sensetive data.

    #392334

    Stiofan O’Connor
    Site Admin
    Post count: 22956

    The error output is dependent on the server, no errors should be shown on a production server, this has nothing to do with GeoDirectory!!

    #392360

    Ephrem Asrat
    Free User
    Post count: 21

    So you are saying, they (The Hosting Company) can make the error not to be revealed from the server side only?

    #392362

    Paolo
    Site Admin
    Post count: 31206

    That’s correct, please try to get any sensible info from any of the sites of our demo:

    http://wpgeo.directory

    If you are able to do so and outline how you did it, we’ll provide a lifetime license for all of our products.

    If you are not, please stop posting on this forum for similar things.

    Thanks

    #392364

    Ephrem Asrat
    Free User
    Post count: 21

    Oh Paolo That’s great and wait for me…

    Do you consider the plugins and theme file sensable?

Viewing 15 posts - 1 through 15 (of 19 total)

We have moved to a support ticketing system and our forums are now closed.

Open Support Ticket
20% Discount Offer
Hurry! Get your 20% discount before it expires. Get 20% Discount