I was manually uploading a theme im working on to my wordpress install tonight when I noticed a index.php file in my themes folder. I opened the file and it contained only the following three lines of code:
<?php
//silence is golden
?>
This kind of concerned me, at first I thought well maybe I accidentally uploaded the file to the themes directory, but the contents of the file are not anything I would have put.
So what I am getting at is, should there be a index.php file in my wp-content/themes/ directory? Or is it possible someone put it there. OR! Now that I think of it, maybe the file was accidentally uploaded by myself, and then a "hacker" or someone who got access to the directoy changed the contents to include only that one comment, hoping it would break the site.
Not really a code question but I wanted to get some input on this situation.
I was manually uploading a theme im working on to my wordpress install tonight when I noticed a index.php file in my themes folder. I opened the file and it contained only the following three lines of code:
<?php
//silence is golden
?>
This kind of concerned me, at first I thought well maybe I accidentally uploaded the file to the themes directory, but the contents of the file are not anything I would have put.
So what I am getting at is, should there be a index.php file in my wp-content/themes/ directory? Or is it possible someone put it there. OR! Now that I think of it, maybe the file was accidentally uploaded by myself, and then a "hacker" or someone who got access to the directoy changed the contents to include only that one comment, hoping it would break the site.
Not really a code question but I wanted to get some input on this situation.
Share Improve this question edited Jul 11, 2013 at 5:08 fuxia♦ 107k39 gold badges255 silver badges461 bronze badges asked Jul 11, 2013 at 4:49 VigsVigs 5681 gold badge5 silver badges16 bronze badges2 Answers
Reset to default 1This file and the copy in wp-content/plugins/ was added 2009 to prevent directory browsing even when the server allows that.
This isn’t really a security feature, except in the sense of security by obscurity, but there might be files not everyone wants to see published or indexed by search engines.
A better solution is: turn directory listing off (Apache, nginx, IIS) and disallow crawling of these files – even when there are links to single files – in your robots.txt:
User-agent: *
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content/plugins
Disallow: /wp-content/themes
This file is okay.
It is to ensure visitors cannot manually browse the /wp-content/themes/ folder and see all of the theme folders and files.
What they see instead is nothing, which is produced by the //silence is golden.
(So, it's a security feature)