Caution: WordPress On A Different Directory
Photo credit: Joy Freschly
WordPress has this really nice feature where you can install it on say http://mysite.com/wordpress/ folder but make the site serve pages at http://mysite.com. What this means for you – it’s easy to switch directories and it’s good for organizing things in the background. For the longest time I’ve used this method because I like certain things to be filed neatly way in a folder of its own. A huge pet peeve is a messy /public_html. If you want to learn how to do this, the steps are outlined in the Codex.
Recently, while checking up on how easy it is to crack into some people’s WordPress installations, I found a huge mistake some people did when using this neat feature. Instead of copying the index.php file as the Codex suggests, they moved it.
Big mistake! That means you now lose an index file and expose the whole WordPress folder for others to see and consequently use as an exploit. If you want to move an index file out of any folder sure, do it but always put an empty index.html file back in there.
Do You Want A Hands-Free Business?
Then get this guide to help you systemize your business so you'll have more time working on your business.
Hey! I want to make sure you know what you're getting here. In addition to the guide, you will also receive our memo that includes special offers, announcements and of course actionable information.
Lynette,
I learned this the hard way. As far as I know, no one discovered my unprotected directory and downloaded docs.
I was stumped as to why the directory kept coming up on some folders but not on others. I tried changing the chmod, but that kept people from downloading who were allowed to. Then I was at a friend’s house doing something else (and 25 miles from computer access) when it hit me. I’d created a folder with no index.html file.
I’m glad I figured it out (especially when I wasn’t even thinking about it at the time inspiration hit me), because I could have lost a lot of potential sales.
I don’t consider myself a techie, but I’ve learned a thing or two and this time I knew enough. Glad I know where to come next time, if I can’t “get it” on my own.
Thanks for the article.
Deb Gallardo
Lynette,
I learned this the hard way. As far as I know, no one discovered my unprotected directory and downloaded docs.
I was stumped as to why the directory kept coming up on some folders but not on others. I tried changing the chmod, but that kept people from downloading who were allowed to. Then I was at a friend’s house doing something else (and 25 miles from computer access) when it hit me. I’d created a folder with no index.html file.
I’m glad I figured it out (especially when I wasn’t even thinking about it at the time inspiration hit me), because I could have lost a lot of potential sales.
I don’t consider myself a techie, but I’ve learned a thing or two and this time I knew enough. Glad I know where to come next time, if I can’t “get it” on my own.
Thanks for the article.
Deb Gallardo
Hey Deb. Good for you! I think we all kinda learn things the hard way in many areas. Really glad you figured things out. Honestly, I never considered myself ‘technical’ until I found the Internet 11-12 years ago.
Look forward to having you visit again.
Hey Deb. Good for you! I think we all kinda learn things the hard way in many areas. Really glad you figured things out. Honestly, I never considered myself ‘technical’ until I found the Internet 11-12 years ago.
Look forward to having you visit again.
LOL, I liked the blog approach so much I tried to install a second version at the root level of my domain. What a nightmare! Originally, the thinking was “hey, it will be easy for me to simply log in and make changes on the fly…instead of finding someone who can make changes on my original site.”
Total confusion!
LOL, I liked the blog approach so much I tried to install a second version at the root level of my domain. What a nightmare! Originally, the thinking was “hey, it will be easy for me to simply log in and make changes on the fly…instead of finding someone who can make changes on my original site.”
Total confusion!
Actually Thomas you are thinking on the right track most if not all of my sites are managed with WordPress isn’t it so much easier? I’ve installed WP in the root level and while that is the easiest it can be a headache if you use nice permalinks, sometimes creating 404 unexpected errors. Maybe all you needed was a bit of help.
Actually Thomas you are thinking on the right track most if not all of my sites are managed with WordPress isn’t it so much easier? I’ve installed WP in the root level and while that is the easiest it can be a headache if you use nice permalinks, sometimes creating 404 unexpected errors. Maybe all you needed was a bit of help.