Again: Your store’s uploads directory is browsable via the web

Hi @pothound!

Yes, this is something that we have resolved in v4.2, here https://github.com/woocommerce/woocommerce/issues/26599

Can you please paste your sites’ status report back here? You’ll find that under “WooCommerce > Status” page.

Thanks.

Hey @rynald0s yes I know that it was supposed to be fixed that is why I am confused. I added that special file you recommended some weeks ago which fixed it and now it is back again…
Here is the status report:

### WordPress Environment ###

WordPress address (URL): https://sabrinafrancis.com/merchandise
Site address (URL): https://sabrinafrancis.com/merchandise
WC Version: 4.6.0
REST API Version: ? 4.6.0
WC Blocks Version: ? 3.4.0
Action Scheduler Version: ? 3.1.6
WC Admin Version: ? 1.6.1
Log Directory Writable: ?
WP Version: 5.5.1
WP Multisite: –
WP Memory Limit: 768 MB
WP Debug Mode: –
WP Cron: ?
Language: en_US
External object cache: –

### Server Environment ###

Server Info: Apache
PHP Version: 7.3.23
PHP Post Max Size: 128 MB
PHP Time Limit: 120
PHP Max Input Vars: 3000
cURL Version: 7.66.0
OpenSSL/1.1.1g-fips

SUHOSIN Installed: –
MySQL Version: 5.7.26-29-log
Max Upload Size: 128 MB
Default Timezone is UTC: ?
fsockopen/cURL: ?
SoapClient: ?
DOMDocument: ?
GZip: ?
Multibyte String: ?
Remote Post: ?
Remote Get: ?

### Database ###

WC Database Version: 4.6.0
WC Database Prefix: wp_
Total Database Size: 36.43MB
Database Data Size: 29.63MB
Database Index Size: 6.80MB
wp_woocommerce_sessions: Data: 1.02MB + Index: 0.02MB + Engine InnoDB
wp_woocommerce_api_keys: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_woocommerce_attribute_taxonomies: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_woocommerce_downloadable_product_permissions: Data: 0.02MB + Index: 0.06MB + Engine InnoDB
wp_woocommerce_order_items: Data: 0.06MB + Index: 0.02MB + Engine InnoDB
wp_woocommerce_order_itemmeta: Data: 0.42MB + Index: 0.30MB + Engine InnoDB
wp_woocommerce_tax_rates: Data: 0.02MB + Index: 0.06MB + Engine InnoDB
wp_woocommerce_tax_rate_locations: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_woocommerce_shipping_zones: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_woocommerce_shipping_zone_locations: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_woocommerce_shipping_zone_methods: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_woocommerce_payment_tokens: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_woocommerce_payment_tokenmeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_woocommerce_log: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_actionscheduler_actions: Data: 1.27MB + Index: 0.72MB + Engine InnoDB
wp_actionscheduler_claims: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_actionscheduler_groups: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_actionscheduler_logs: Data: 0.50MB + Index: 0.39MB + Engine InnoDB
wp_bwfan_abandonedcarts: Data: 0.02MB + Index: 0.09MB + Engine InnoDB
wp_bwfan_automationmeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_bwfan_automations: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_bwfan_contact_automations: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_bwfan_logmeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_bwfan_logs: Data: 0.02MB + Index: 0.05MB + Engine InnoDB
wp_bwfan_message_unsubscribe: Data: 0.02MB + Index: 0.09MB + Engine InnoDB
wp_bwfan_syncrecords: Data: 0.02MB + Index: 0.05MB + Engine InnoDB
wp_bwfan_taskmeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_bwfan_tasks: Data: 0.02MB + Index: 0.05MB + Engine InnoDB
wp_bwfan_task_claim: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_bwf_actions: Data: 0.02MB + Index: 0.09MB + Engine InnoDB
wp_bwf_action_claim: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_bwf_contact: Data: 0.02MB + Index: 0.06MB + Engine InnoDB
wp_bwf_contact_meta: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_bwf_wc_customers: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_commentmeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_comments: Data: 0.22MB + Index: 0.09MB + Engine InnoDB
wp_fooevents_check_in: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_give_commentmeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_give_comments: Data: 0.11MB + Index: 0.00MB + Engine InnoDB
wp_give_donationmeta: Data: 0.14MB + Index: 0.14MB + Engine InnoDB
wp_give_donormeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_give_donors: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_give_formmeta: Data: 0.05MB + Index: 0.03MB + Engine InnoDB
wp_give_logmeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_give_logs: Data: 0.25MB + Index: 0.00MB + Engine InnoDB
wp_give_sequential_ordering: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_give_sessions: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_hurrytimer_evergreen: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_itsec_opaque_tokens: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_links: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_options: Data: 7.06MB + Index: 0.17MB + Engine InnoDB
wp_postmeta: Data: 5.50MB + Index: 1.88MB + Engine InnoDB
wp_posts: Data: 1.52MB + Index: 0.20MB + Engine InnoDB
wp_rank_math_404_logs: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_rank_math_internal_links: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_rank_math_internal_meta: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_rank_math_redirections: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_rank_math_redirections_cache: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_rank_math_sc_analytics: Data: 0.16MB + Index: 0.09MB + Engine InnoDB
wp_smush_dir_images: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_termmeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_terms: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_term_relationships: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_term_taxonomy: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_tm_taskmeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_tm_tasks: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_usermeta: Data: 0.05MB + Index: 0.03MB + Engine InnoDB
wp_users: Data: 0.02MB + Index: 0.05MB + Engine InnoDB
wp_wc_admin_notes: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_wc_admin_note_actions: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_wc_category_lookup: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_wc_customer_lookup: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_wc_download_log: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_wc_order_coupon_lookup: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_wc_order_product_lookup: Data: 0.06MB + Index: 0.06MB + Engine InnoDB
wp_wc_order_stats: Data: 0.05MB + Index: 0.05MB + Engine InnoDB
wp_wc_order_tax_lookup: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_wc_product_meta_lookup: Data: 0.02MB + Index: 0.09MB + Engine InnoDB
wp_wc_reserved_stock: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_wc_tax_rate_classes: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_wc_webhooks: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_wc_zapier_history: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_wfacp_stats: Data: 0.02MB + Index: 0.06MB + Engine InnoDB
wp_wfblockediplog: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_wfblocks7: Data: 0.02MB + Index: 0.05MB + Engine InnoDB
wp_wfconfig: Data: 0.09MB + Index: 0.00MB + Engine InnoDB
wp_wfco_connectormeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_wfco_connectors: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_wfco_report_views: Data: 0.02MB + Index: 0.05MB + Engine InnoDB
wp_wfcrawlers: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_wffilechanges: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_wffilemods: Data: 6.52MB + Index: 0.00MB + Engine InnoDB
wp_wfhits: Data: 0.06MB + Index: 0.05MB + Engine InnoDB
wp_wfhoover: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_wfissues: Data: 0.02MB + Index: 0.06MB + Engine InnoDB
wp_wfknownfilelist: Data: 2.52MB + Index: 0.00MB + Engine InnoDB
wp_wflivetraffichuman: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_wflocs: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_wflogins: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_wfls_2fa_secrets: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_wfls_settings: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_wfnotifications: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_wfob_stats: Data: 0.02MB + Index: 0.08MB + Engine InnoDB
wp_wfocu_event: Data: 0.05MB + Index: 0.05MB + Engine InnoDB
wp_wfocu_event_meta: Data: 0.06MB + Index: 0.00MB + Engine InnoDB
wp_wfocu_session: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_wfpendingissues: Data: 0.02MB + Index: 0.06MB + Engine InnoDB
wp_wfreversecache: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_wfsnipcache: Data: 0.02MB + Index: 0.05MB + Engine InnoDB
wp_wfstatus: Data: 0.13MB + Index: 0.09MB + Engine InnoDB
wp_wftrafficrates: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_wpsd_stripe_donation: Data: 0.02MB + Index: 0.00MB + Engine InnoDB

### Post Type Counts ###

ae_global_templates: 1
ai_playlist: 1
attachment: 99
custom_css: 1
elementor_library: 4
event_magic_tickets: 7
give_forms: 2
give_payment: 106
nav_menu_item: 8
page: 37
post: 3
product: 19
product_variation: 31
revision: 395
shop_coupon: 10
shop_order: 90
shop_order_refund: 6
wc_zapier_feed: 6
wfacp_checkout: 16
wfob_bump: 2
wfocu_funnel: 3
wfocu_offer: 3
woo_discount: 3
woo_discount_cart: 1
xlwcty_thankyou: 7

### Security ###

Secure connection (HTTPS): ?
Hide errors from visitors: ?

### Active Plugins (31) ###

Anywhere Elementor: by WPVibes – 1.2.2
Customizer Export/Import: by The Beaver Builder Team – 0.9.2
Drip for WooCommerce: by Drip – 1.1.1 – Installed version not tested with active version of WooCommerce 4.6.0
Elementor: by Elementor.com – 3.0.11
Essential Addons for Elementor: by WPDeveloper – 4.3.2 – Installed version not tested with active version of WooCommerce 4.6.0
Facebook for WooCommerce: by Facebook – 2.0.5 – Installed version not tested with active version of WooCommerce 4.6.0
Flexible Shipping: by WP Desk – 3.14.4 – Installed version not tested with active version of WooCommerce 4.6.0
FooEvents Calendar: by FooEvents – 1.5.26
FooEvents for WooCommerce: by FooEvents – 1.11.53 – Installed version not tested with active version of WooCommerce 4.6.0
FooEvents Express Check-in: by FooEvents – 1.4.8
FooEvents PDF Tickets: by FooEvents – 1.7.11
Give - Donation Plugin: by GiveWP – 2.8.1
Homepage Control: by WooThemes – 2.0.3
Min and Max Quantity for WooCommerce: by BeRocket – 1.2.13.2 – Installed version not tested with active version of WooCommerce 4.6.0
PixelYourSite: by PixelYourSite – 7.2.0 – Installed version not tested with active version of WooCommerce 4.6.0
Quantity Field on Shop Page for WooCommerce: by Wooassist – 1.3.0 – Installed version not tested with active version of WooCommerce 4.6.0
SG Optimizer: by SiteGround – 5.6.8
UpdraftPlus - Backup/Restore: by UpdraftPlus.Com
DavidAnderson – 1.16.30

Woo Discount Rules: by Flycart Technologies LLP – 2.3.1
Advanced Order Export For WooCommerce: by AlgolPlus – 3.1.6 – Installed version not tested with active version of WooCommerce 4.6.0
NextMove Lite - Thank You Page for WooCommerce: by XLPlugins – 2.13.0 – Installed version not tested with active version of WooCommerce 4.6.0
WooCommerce PayPal Checkout Gateway: by WooCommerce – 2.1.0 – Installed version not tested with active version of WooCommerce 4.6.0
WooCommerce Stripe Gateway: by WooCommerce – 4.5.3 – Installed version not tested with active version of WooCommerce 4.6.0
WooCommerce Zapier: by OM4 – 2.0.5 – Installed version not tested with active version of WooCommerce 4.6.0
WooCommerce: by Automattic – 4.6.0
AeroCheckout: Custom WooCommerce Checkout Pages: by WooFunnels – 2.1.1
OrderBumps: WooCommerce Checkout Offers: by WooFunnels – 1.8.1 – Installed version not tested with active version of WooCommerce 4.6.0
UpStroke: Dynamic Shipping: by WooFunnels – 1.6.0 – Installed version not tested with active version of WooCommerce 4.6.0
UpStroke: WooCommerce One Click Upsells: by buildwoofunnels – 2.2.4
Wordfence Security: by Wordfence – 7.4.11
Smush: by WPMU DEV – 3.7.1

### Inactive Plugins (2) ###

AudioIgniter: by The CSSIgniter Team – 1.6.2
WooCommerce Admin: by WooCommerce – 1.6.1 – Installed version not tested with active version of WooCommerce 4.6.0

### Settings ###

API Enabled: –
Force SSL: –
Currency: USD (USD )
Currency Position: left
Thousand Separator: ,
Decimal Separator: .
Number of Decimals: 2
Taxonomies: Product Types: external (external)
grouped (grouped)
simple (simple)
variable (variable)

Taxonomies: Product Visibility: exclude-from-catalog (exclude-from-catalog)
exclude-from-search (exclude-from-search)
featured (featured)
outofstock (outofstock)
rated-1 (rated-1)
rated-2 (rated-2)
rated-3 (rated-3)
rated-4 (rated-4)
rated-5 (rated-5)

Connected to WooCommerce.com: ?

### WC Pages ###

Shop base: #8 - /
Cart: #9 - /cart/
Checkout: #10 - /checkout/
My account: #11 - /my-account/
Terms and conditions: ? Page not set

### Theme ###

Name: Storefront Child Theme
Version: 1.0.0
Author URL: https://act-artanddesign.com
Child Theme: ?
Parent Theme Name: Storefront
Parent Theme Version: 2.8.0
Parent Theme Author URL: https://woocommerce.com/
WooCommerce Support: ?

### Templates ###

Overrides: sabrinafrancis-merch/woocommerce/emails/customer-processing-order.php
sabrinafrancis-merch/woocommerce/single-product.php

### Action Scheduler ###

Complete: 750
Oldest: 2020-09-15 18:00:07 -0400
Newest: 2020-10-16 17:46:35 -0400

Pending: 24
Oldest: 2020-10-16 18:46:34 -0400
Newest: 2020-10-20 07:03:09 -0400

### WooCommerce Zapier ###

Database Version: ? 12
Detailed Logging Enabled: No
Legacy Mode Disabled: ? No
SSL: ? Yes
REST API Authentication Key(s): ? 0
Task History Record Count: ? 0
Legacy Cron Tasks: ? 0
Active Legacy Feeds: ? 1 active Legacy Feed(s) need to be migrated before April 30
2021. Migrate Your Zaps Now

Legacy Feed #1: FB Campaign UAL I Feel: T-shirt
- Trigger: New Order
- Webhook URL: https://hooks.zapier.com/hooks/catch/5920083/om0i2n7/

@pothou
I suggest that you check that the .htaccess file on your site contains the following:
Options All -Indexes
as this will prevent directory browsing.
It may be that your .htaccess file got overwritten at some point which allowed directory browsing to continue.

I hope that helps you to figure it out.
Feel free to get back to us if you have further questions.

Hey @mouli thanks yes indeed that is not in my file. But how exactly do I add it? Just like this:
Options All -Indexes

I am so lost when it comes to htaccess file….

Hey @pothound
You will need to edit the file after downloading it using FTP or your file manager in your hosting account.
As it is important to use exactly the right format etc. I suggest that you ask your hosts for help adding it to the file.

I hope that helps you to figure it out.
Feel free to get back to us if you have further questions.

Hey @mouli I can download and change the htaccess file that is not the problem. Just not sure if I only add this line with nothing else…
Options All -Indexes

Hi @pothound
Yes, I suggest that you add Options All -Indexes at the bottom of everything else already in the file.
That will prevent browsing of all directories.

I hope that helps you to figure it out.
Feel free to get back to us if you have further questions.

Hi @pothound. I hope that you were able to resolve the issue. Since we haven’t heard from you in a while, I’m going to go ahead and mark this thread as resolved. If you still need help with this issue or have any other questions about the WooCommerce plugin, please start a new thread.