Linux 软件免费装

Directory Index Guard

开发者 wpfixservices
更新时间 2021年4月13日 03:11
PHP版本: 5.5 及以上
WordPress版本: 5.7
版权: GPLv2
版权网址: 版权信息

标签

htaccess apache directory listings exposed indexes webserver directory listings wpfix.services directory indexes index of

下载

1.2.1 1.2.2 1.0.0 1.1.0 1.2.0

详情介绍:

How it works The Directory Index Guard plugin works by updating the Apache .htaccess file to include the directive Options -Indexes. It prevents you from having to edit it yourself via FTP or some other mechanism. Features What is a Web Server Directory Listing? A web server directory listing, commonly called a directory index, is a list of the contents in a folder stored on your WordPress server. Similar to your local computer directory, a web server has a directory structure for storing files and folders. If directory listings are turned on, the server will show all files and subfolders contained in that directory. The files can be viewed or downloaded, and you can move into and out of subfolders like you would on your local computer. Why is this dangerous? Often times, backups of critical WordPress configuration files are made before making changes and then stored in a directory on the server. These backup can potentially contain your WordPress administrator or database password. The source code for plugins, themes, and administrative functions are also stored in directories on the server. None of these files are intended for public viewing. Hackers can use directory listings to download these files and create a road map of how to exploit vulnerabilities in your site. If they contain your WordPress administrator password, your entire site and all of your customer data is at risk. To make this worse, hackers can scan these files with a script, on thousands of websites at a time, and hack your site or sell the information on the dark web. Common identity theft programs may not scan for WordPress configuration passwords. Turning off directory listings is absolutely critical for the security of your site.

安装:

  1. Log into your site as the WordPress Administrator.
  2. Go to the Plugin Menu and click Add New.
  3. Enter "Directory Index Guard" in the search box.  It will be the first result to show up with a blue shield icon.
  4. Install and Activate the plugin.
  5. Click the Turn Protection On button. Once activated, the plugin configuration will be under the Tools menu on the WordPress Administration page.  The configuration page will show you all directories on your server and which ones are vulnerable.
Click the "Turn on Protection" button to apply the necessary configuration changes, after which all directories should appear safe.

屏幕截图:

  • Scan showing exposed directory listings without Directory Index Guard protection.
  • Scan showing safe directory listings with Directory Index Guard protection.
  • Screenshot of what a directory index listing looks like, for an admin source code folder.

更新日志:

Version 1.2.0 Version 1.1.0 Version 1.0.0