I was manually uploading a theme I'm working on to my WordPress install tonight when I noticed an index.php file in my themes folder. I opened the file and it contained only the following three lines of code:
<?php
//silence is golden
?>
This kind of concerned me. At first I thought, well, maybe I accidentally uploaded the file to the themes directory, but the contents of the file are not anything I would have put there.
So what I am getting at is, should there be an index.php file in my wp-content/themes/ directory? Or is it possible someone put it there? OR! Now that I think of it, maybe the file was accidentally uploaded by myself, and then a "hacker" or someone who got access to the directory changed the contents to include only that one comment, hoping it would break the site.
Not really a code question but I wanted to get some input on this situation.
This file and the copy in wp-content/plugins/ were added in 2009 to prevent directory browsing even when the server allows that.
This isn’t really a security feature, except in the sense of security by obscurity, but there might be files not everyone wants to see published or indexed by search engines.
A better solution is: turn directory listing off (Apache, nginx, IIS) and disallow crawling of these files – even when there are links to single files – in your robots.txt:
User-agent: *
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content/plugins
Disallow: /wp-content/themes
This file is okay.
It is to ensure visitors cannot manually browse the /wp-content/themes/ folder and see all of the theme folders and files.
What they see instead is nothing, which is produced by the //silence is golden.
(So, it's a security feature)
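For the question's worry that the placeholder might have been altered, here is an added example (not part of either answer and not WordPress's own code) that checks whether the index.php in wp-content/themes and wp-content/plugins still contains nothing but comments. The function names, the sample strings and the temporary directory tree are assumptions made for the illustration.

```python
import re
import tempfile
from pathlib import Path

# Directories the answers name as carrying the placeholder index.php.
PLACEHOLDER_DIRS = ("wp-content/themes", "wp-content/plugins")

# Constructed samples: the stub quoted in the question, and an altered copy.
SAMPLE_STUB = "<?php\n//silence is golden\n?>\n"
SAMPLE_TAMPERED = "<?php\n//silence is golden\ninclude 'extra.php';\n?>\n"

# Block comments, plus // and # comments, which PHP ends at a newline or at "?>".
COMMENT = re.compile(r"/\*.*?\*/|(?://|#)(?:(?!\?>)[^\n])*", re.S)
PHP_TAG = re.compile(r"<\?php|\?>", re.I)

def php_residue(source):
    """Return what remains after dropping comments, PHP tags and whitespace.

    An empty result means the file runs no PHP and emits at most whitespace.
    Heuristic: anything the regexes do not recognise is kept, so unusual
    files are reported rather than passed.
    """
    without_comments = COMMENT.sub("", source)
    without_tags = PHP_TAG.sub("", without_comments)
    return "".join(without_tags.split())

def audit_placeholders(wp_root):
    """Map each expected directory to 'ok', 'missing' or 'suspicious'."""
    report = {}
    for rel in PLACEHOLDER_DIRS:
        path = Path(wp_root) / rel / "index.php"
        if not path.is_file():
            report[rel] = "missing"
        elif php_residue(path.read_text(errors="replace")):
            report[rel] = "suspicious"
        else:
            report[rel] = "ok"
    return report

if __name__ == "__main__":
    # Build a throwaway tree: themes/ holds the stub, plugins/ the altered copy.
    with tempfile.TemporaryDirectory() as root:
        for rel, body in zip(PLACEHOLDER_DIRS, (SAMPLE_STUB, SAMPLE_TAMPERED)):
            target = Path(root) / rel
            target.mkdir(parents=True)
            (target / "index.php").write_text(body)
        for rel, status in audit_placeholders(root).items():
            print(f"{rel}/index.php: {status}")
```

A "suspicious" result only means the file holds something other than comments and should be compared against a clean WordPress download.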