By default when your web server does not find an index file (i.e. a file like index.php or index.html), it automatically displays an index page showing the contents of the directory. This could make your site vulnerable to hack attacks by revealing important information needed to exploit a vulnerability in a WordPress plugin, theme, or your server in general. In this article, we will show you how to disable directory browsing in WordPress.
默认情况下,当您的Web服务器找不到索引文件(即,诸如index.php或index.html之类的文件)时,它将自动显示一个显示目录内容的索引页。 通过揭示利用WordPress插件,主题或整个服务器中的漏洞所需的重要信息,这可能使您的站点容易受到黑客攻击。 在本文中,我们将向您展示如何在WordPress中禁用目录浏览。
为什么您需要在WordPress中禁用目录浏览 (Why You Need to Disable Directory Browsing in WordPress)
Directory browsing can be used by hackers to find out if you have any files with known vulnerabilities, so they can take advantage of these files to gain access. For the comprehensive security of our sites, we use Sucuri for WordPress security. They have a simple dashboard which allows us to do this and perform many other WordPress security strengthening steps with in few clicks.
黑客可以使用目录浏览来发现您是否存在任何已知漏洞的文件,因此他们可以利用这些文件获得访问权限。 为了我们网站的全面安全,我们将Sucuri用于WordPress安全 。 他们有一个简单的仪表板,使我们能够执行此操作,并且只需单击几下即可执行许多其他WordPress安全增强步骤。
Directory browsing can also be used by other people to look into your files, copy images, find out your directory structure, and other information. This is why it is highly recommended that you turn off directory indexing and browsing.
其他人还可以使用目录浏览来查看您的文件,复制图像,查找目录结构以及其他信息。 这就是为什么强烈建议您关闭目录索引和浏览的原因。
影片教学 (Video Tutorial)
If you don’t like the video or need more instructions, then continue reading.
如果您不喜欢该视频或需要更多说明,请继续阅读。
To disable directory browsing in WordPress all you need to do is add a single line of code in your WordPress site’s .htaccess file located in the root directory of your website. To edit the .htaccess file you need to connect to your website using an FTP client.
要禁用WordPress中的目录浏览,您要做的就是在位于网站根目录中的WordPress网站的.htaccess文件中添加一行代码。 要编辑.htaccess文件,您需要使用FTP客户端连接到您的网站。
Once connected to your website, you will find a .htaccess file in your site’s root directory. .htaccess is a hidden file, and if you can not find it on your server, you need to make sure that you have enabled your FTP client to show hidden files.
连接到您的网站后,您将在网站的根目录中找到一个.htaccess文件。 .htaccess是隐藏文件,如果您在服务器上找不到它,则需要确保已启用FTP客户端以显示隐藏文件。
You can edit your .htaccess file by downloading it to your desktop and opening it in a text editor like Notepad. Now at the end of your WordPress generated code in the .htaccess file simply add this line at the bottom:
您可以通过将.htaccess文件下载到桌面并在文本编辑器(如记事本)中打开文件来对其进行编辑。 现在,在.htaccess文件中WordPress生成的代码的末尾,只需在底部添加以下行:
Options -Indexes
Now save your .htaccess file and upload it back to your server using your FTP client. That’s all you need to do. Directory browsing is now disabled on your WordPress site and people trying to locate a directory index on your website will be redirected to WordPress 404 page.
现在,保存您的.htaccess文件,并使用FTP客户端将其上传回服务器。 这就是您需要做的。 现在,您的WordPress网站上的目录浏览已被禁用,尝试在您的网站上查找目录索引的用户将被重定向到WordPress 404页面。
We hope this article helped you learn how to disable directory browsing in WordPress to make your website more secure. For questions and feedback you can leave a comment below or join us on Twitter.
我们希望本文能帮助您学习如何在WordPress中禁用目录浏览以使您的网站更安全。 对于问题和反馈,您可以在下面发表评论或在Twitter上加入我们。
翻译自: https://www.wpbeginner.com/wp-tutorials/disable-directory-browsing-wordpress/
280
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
