If you are a webmaster or managing a blog, some day or the other you need to sit and dedicate time to optimize your website, and you start it with it editing core internal files and if you are unlucky, you may end up messing up things without being really aware of what you are doing.
This happened to us yesterday, we were editing some internal files of this blog’s WordPress installation files with an insight to optimize the loading time of our blog.We sat for hours and did edit some files.We could at least do something and slept peacefully with some satisfaction.
Then the next day BANG !! we were astonished to find some of the WordPress internal files that otherwise shouldn’t be publicly visible were all over the Google.That’s the moment we spotted the mess (look at the screenshot below) that happened while editing our site files yesterday and started working to fix them.You understood what the problem was, right? Don’t panic, there are lots of people like us, who are unknowingly keeping their site internal files open (see examples).
How To Fix This?
Step 1: We tried to understand why this is happening?
Reason: The permission properties of inner files of the site are site to ‘public’ that means anyone can see the internal file structure of your blog/site.
Step 2: Having found out the mistake, the solution is simple (at least as it seems):
Permission properties of these files/directories should be made ‘private’ and indexing of these files should be disabled
Step 3: There are two ways to do disable the indexing of files so that other people can’t see what’s inside your internal directories:
# 1 You can place a index.html file in all the folders which are coming ‘index of..’ structures.
# 2 Edit your .htaccess file to disable private indexing of the folders.
Step 4: While the 1st method is relatively simple one to follow, but it takes time as you need to put index.html files in all the directories that are visible in indexing.
Step 5: The optimal method according to us is editing your .htaccess file to disable indexing of folders.
Options All –Indexes
Just add the above code in your .htaccess file (edit through notepad) which is your site’s root folder save it and write it back to your root folder.
Step 6: The problem is solved, now open your Wordpres internal files wihtout logging into the site and you’ll notice the 403 error being returned to you.
This solved the problem in our case.I’ve decided to post this because someone who finds themselves in the same situations as we were yesterday would find it useful to some extent at least.