404 page

Do you have this line in your .htaccess file?

ErrorDocument 404 /wordpress/index.php?error=404

Now I do :0

But now how do I protect my WP folders ? (wp-content, wp-ugins, etcc..)

Could I redirect users when they try to go these directories?
Also how I can change /wp-admin to something else, like /admin

thanks

Whatever you do, don’t do anything to “secure” wp-admin. It’s already secure. Anyone attempting to access the directory will be sent to a login page. Now, for the rest …

Either add an index.php to the directories with only the following line in it (all on one line):

<?php header('Location: https://www.example.com/wordpress/index.php'); ?>

Or, add this to a .htaccess file in each of those directories:

Options All -Indexes

The index.php file will do a redirect to what ever domain you specify, and the .htaccess file will issue a 403 Access Denied error. Again, do not modify /wp-admin/ with either of these files.

It seems that when not logged in, o another another computer or whatever, you can view the contents of my wp directories… they do not have htaccess files in them, so i tried putting the one from my main dir in them but this does not help… perhaps because the one from my main directory appears to have nothing in it?

I really dont know how these things work but can someone tell me how to secure my directories?

Thanks very much.

Just because you can get a directory listing does not mean they are not secure. If you don’t want a list in any of your directories put:
Options -Indexes
in your root .htaccess file or put an index file in each directory you want to deny a directory listing (or an htaccess file with the above line)
.

Ok… but my htaccess file in the root contains NOTHING… is this correct?

I will add options -indexes… I guess I just type it on line one and then leave a line after? Like..

‘options -indexes’

heh.

Yeah?

(Thanks very much for the info)

Yep, worked! Cheers!