6 {{ upvoteCount | shortNum }}
6 {{ upvoteCount | shortNum }}

Restrict file in wordpress plugin directory from browsing but allow wordpress to use?

by StevesProfitSecrets
4 replies
I bought a wordpress plugin that stores and uses some info I want to keep private in a text file within its own plugin directory and I don't really want people having the ability to find it and download. I put blank index files in the wp-content, plugins, and specific plugin directory to stop directory browsing, but I'm afraid if someone knew about the plugin and the file structure they could easily browse to it. Apparently the file name cannot be changed because it will stop access for the plugin. Not good.

Is there a way to lockdown, either with .htaccess or file permissions the file so that it cannot be grabbed, say with a browser, yet allow wordpress to use it for the plugin? Basically need to restrict access to wordpress only being able to read and write to it. Is it possible?
#browsing #directory #file #plugin #restrict #wordpress
  • Profile picture of the author Karen Blundell
    you've done the right thing...the blank index.html files in the various directories means that no one can view what's in them..I would leave the default file permissions intact because changing them unless instructed to can mess things up.

    a great WordPress plugin to install is Secure WordPress...and it can be added from within your WordPress dashboard...

    good luck!
    Signature
    ---------------
    {{ DiscussionBoard.errors[1422023].message }}
    • Profile picture of the author StevesProfitSecrets
      Thanks...I actually run secure wordpress on all of my wordpress installs.

      Blank index pages disallow directory browsing, but if someone is familiar with the plugin and naming structure they could easily browse to the file. Any other ideas?
      Signature
      StevesProfitSecrets.com - Money Making Tips, Tricks, and Case Studies
      {{ DiscussionBoard.errors[1422595].message }}
  • Profile picture of the author HomeComputerGames
    I believe you can put a .htaccess file in that directory and include something like this:
    Change the file extension as needed.

    <Files ~ "\.txt$">
    Order allow,deny
    Deny from all
    </Files>

    This should stop anyone from getting a .txt file from that directory but still let your script access it.

    I have an example here:
    http://www.homecomputergames.com/temp/test123.txt
    Signature

    yes, I am....

    {{ DiscussionBoard.errors[1423430].message }}

Trending Topics