By default when your web server does not find an index file (i.e. a file like index.php or index.html), it automatically displays an index page showing the contents of the directory. This could make your site vulnerable to hack attacks by revealing important information needed to exploit a vulnerability in a WordPress plugin, theme, or your server in general. In this article, we will show you how to disable directory browsing in WordPress.
Directory browsing can be used by hackers to find out if you have any files with known vulnerabilities, so they can take advantage of these files to gain access. For the comprehensive security of our sites, we use Sucuri for WordPress security. They have a simple dashboard which allows us to do this and perform many other WordPress security strengthening steps with in few clicks.
Directory browsing can also be used by other people to look into your files, copy images, find out your directory structure, and other information. This is why it is highly recommended that you turn off directory indexing and browsing.
If you don’t like the video or need more instructions, then continue reading.
To disable directory browsing in WordPress all you need to do is add a single line of code in your WordPress site’s .htaccess
file located in the root directory of your website. To edit the .htaccess
file you need to connect to your website using an FTP client.
Once connected to your website, you will find a .htaccess
file in your site’s root directory. .htaccess
is a hidden file, and if you can not find it on your server, you need to make sure that you have enabled your FTP client to show hidden files.
You can edit your .htaccess
file by downloading it to your desktop and opening it in a text editor like Notepad. Now at the end of your WordPress generated code in the .htaccess
file simply add this line at the bottom:
1 |
Options -Indexes |
Now save your .htaccess
file and upload it back to your server using your FTP client. That’s all you need to do. Directory browsing is now disabled on your WordPress site and people trying to locate a directory index on your website will be redirected to WordPress 404 page.
Credits:
http://www.wpbeginner.com/wp-tutorials/disable-directory-browsing-wordpress/
For example, you’re running a mp3 site on wordpress and hosting audio files on your own server. By default when an user click on a mp3 file link, it automatically play the audio instead of downloading. This could make your site user annoying as he have to right click on the file and choose Save As to download it. In this article, we will show you how to Force Download of Mp3 files instead of Streaming without plugins.
You can disable this streaming feature in WordPress by add some lines of code in your WordPress site’s .htaccess file located in the root directory of your wordpress install. To edit the .htaccess file you need to login into your hosting and navigate to File Manager.
Once navigated to your file manager, you will find a .htaccess file in your site’s root directory. .htaccess is a hidden file by default, so if you can’t find it on your server, you need to make sure that you have enabled your file manager to show hidden files.
You can edit your .htaccess file by downloading it to your pc or code edit feature on your server. After open it at the end of your WordPress generated code in the .htaccess file simply add these lines at the bottom as shown in the image below:
1
2
3
4
|
<FilesMatch “\.(mov|mp3)$”>
ForceType application/octet–stream
Header set Content–Disposition attachment
</FilesMatch>
|
You can change or add any other file type based on your need (example: pdf, mp4, doc)
Now save your .htaccess file. That’s all you need to do. Streaming feature is now disabled on your WordPress site and people can download mp3 files hosting on your blog by just click on it.
We hope this article will help you to learn How to force download after a click on the mp3 file link. For questions and feedback you can leave a comment below or join us on our forum.
Credits:
http://wpcage.com/force-download-mp3-files-instead-of-streaming/
So … sometimes you on shared hosting and you need to import a large database. Problem phpmyadmin only supports a max of > 50MB. So the first option is to check the php.ini or the cursed .htaccess file – however many times shared providers override these or won’t allow an apache restart immediately.
So in comes BigDump SQL Import (http://www.ozerov.de/bigdump/)
Credits to http://www.ozerov.de/bigdump/usage/
Happy importing
So like me who doesn’t like to install in the root of a server, you may need to redirect an incoming web connection to another directory (sub) or an alternative page. It’s also cool if you want to redirect to a website under construction page etc.
I do this with the cursed .htaccess file by adding this line
# This allows you to redirect index.html to a specific subfolder
Redirect /index.html http://www.abc.com
Where abc in (http://www.abc.com) is you redirected site. You could include a subdirectlyt by adding the slashed link (http://www.abc.com/def)
Happy redirecting.
On shared hosting/VPN or cloud if you’d like to increase the default max file upload size from 10M check our the below
You need to set the value of upload_max_filesize
and post_max_size
in your php.ini (in the example below 40M is what I’ve set the max upload to, however you can change to whatever you’d like eg. 100M etc.):
; Maximum allowed size for uploaded files. upload_max_filesize = 40M ; Must be greater than or equal to upload_max_filesize post_max_size = 40M Or in the cursed .htaccess file
php_value upload_max_filesize 40M
php_value post_max_size 40M
Happy uploading ....
Sometimes you just need to edit the cursed .htaccess file and on the Mac by default the file is “hidden” – here’s how to show all.
To show all hidden files and folders, in Terminal in OS X 10.9 Mavericks:
[wc_code]defaults write com.apple.finder AppleShowAllFiles -boolean true ; killall Finder[/wc_code]
Getting back to cleanliness:
[wc_code]defaults write com.apple.finder AppleShowAllFiles -boolean false ; killall Finder[/wc_code]
To show all hidden files and folders, in Terminal for earlier versions of OS X 10.8 and prior:
[wc_code]defaults write com.apple.finder AppleShowAllFiles TRUE ; killall Finder[/wc_code]
Getting back to cleanliness:
[wc_code]defaults write com.apple.finder AppleShowAllFiles FALSE ; killall Finder[/wc_code]
Or if you lazy and would like an app (there’s always an app) – download this (FinderRevealer.zip (app))