block wp-content/uploads

by 24 replies
29
Hi,

I need to block wp-content/uploads from appearing in google. I set up a new website on WP and when I checked google with site:sitename.com to see if it got indexed I noticed that it did indeed get indexed, but google also indexed wp-content/uploads and when I click on it I can see the whole content of my uploads folder, and this scares me cause of the possibility of my website being hacked/exploited through this very folder.

Anyway, long story short does anybody know how to block this folder (and any other important files/folders) from appearing in the search engines?

Thank you in advance!
John

PS: don't worry, I will also thank you after you advise hehe :p
#programming #block #wpcontent or uploads
  • you have to just mention this rule in robots.txt file which will in return block google and other search engine to index in search engine

    you can get info on how to do it in this page

    The Web Robots Pages
    • [ 1 ] Thanks
    • [1] reply
    • Ok, I will use that robots file, but will this get my already indexed page out of the google index as well?

      Also, is there any command line/code/whatever that automatically blocks all files/folders containing sensitive info in my website? Please just don't refer me to htaccess as I don't know how to use that file and I already ruined a website a few years ago because of misusing it.

      Thanks for the above link. Will go ahead right away and see how I can use it.
  • Install the Better WP Security plugin by Bit51. It will shut off directory listings in addition to the rest of its security features. I never run a WP site without it any more.
    • [ 1 ] Thanks
    • [2] replies
    • Installed, activated, set up and already loving its simplicity

      One question though: do you know if the plugin also removes (or at least hides/blocks) wp-content/uploads from google index?
      • [1] reply
    • The server needs indexing disabled.
      Plugins won't really do anything about that.
      • [2] replies
  • [DELETED]
    • [1] reply
    • Deny all?? Won't this stop my entire site from getting indexed by big G? Cause that's not really the purpose you know!
      • [1] reply
  • You can protect the folder or directory via through your Cpanel.

    There should be an section for you to password protect the folder.

    Look for it usually under security

    Alternatively you can also protect the folder via .htaccess and for the website not to be index you can do so via robots.txt

    Using Cpanel Index Manager you can also hide that particular file or folder.

    Search for it Index Manager is under the Advance section of the Cpanel.

    To prevent prying eyes upload a index.php or index.html to the folders within wordpress that does not have a index.php or index.html. Usually happens in the upload folders. Do note each month and year has their own folder.

    Danny
    • [ 1 ] Thanks
    • [1] reply
    • Thank you. I found the index manager under Advanced section in my cpanel and set the entire 'wp-content" folder to not be indexed. Is it ok or should I do this just for the uploads folder? I don't know...

      Also, do you know if this will also take the folder out of google's index or do I still have to do it via GWT's removals?

      And also, there are 3 more folders appearing along with wp-content (cgi, wp-admin, and wp-includes). Do I have to protect these ones as well, or should I just let them be?

      Again, thanks for the awesome advice. I had no idea what that index manager was for. Actually, I have no idea what most of the options in my cpanel are for :p

  • Banned
    Early last year, I just did this to my business' website to see how it works.
    If your domain is hosted by HostGator, log into to your host's CPanel and check out that root directory option. You may also password-protect directories if you wish.

    I just can't find that exact "kb article" from Hostgator's site. Anyway, that's already a year ago.
  • Thanks Karen. I know that htaccess is a nasty file, which is why I chose not to mess with it. That's one thing.

    Second thing, I know that the fewer plugins installed the better security, and speed-wise website I will have, so I keep these to the bare minimum as well.

    And third thing, I am only interested in hiding that directory from the search engines for now, which I already did (using the robots.txt). So, I don't care about creating those traps that you mentioned, at least not yet. Maybe later, when/if someone gets bored with their life and they will decide to destroy mine (talking about hackers, obviously). But for now I am good

    But, thanks for the nice explanations. I will really start at least to learn what those icons in my cpanel do, if not learn how to use them as well. I was always afraid of touching those icons (except for fantastico, stats, and email), but they seem to be all so useful especially for such cases like mine
    • [ 1 ] Thanks
    • [1] reply
    • Hi Monere,

      In cPanel, the icons you should become familiar with are in the email section "email authentication" and set up DKIM and an SPF record to protect yourself from email spoofers.

      Then you should set up Hot Link Protection, Under the "security" tab - That way people won't hotlink to any files you have on your server and use up your bandwidth

      And as mentioned earlier use IP Deny to block users by domain or by IP address or IP range

      If you ever need some help with .htaccess especially with regards to denying access to sensitive WordPress files, or blocking a rogue user agent or referer please let me know.
      The nice thing about making mistakes is that you eventually learn how to do things right -

      Unfortunately, WordPress sites continue to have a big target on their backs - WordPress users can never afford to leave their sites unattended for very long.
      • [ 1 ] Thanks
Join the discussion

Next Topics on Trending Feed

  • 29

    block wp-content/uploads

    Hi, I need to block wp-content/uploads from appearing in google. I set up a new website on WP and when I checked google with site:sitename.com to see if it got indexed I noticed that it did indeed get indexed, but google also indexed wp-content/uploads and when I click on it I can see the whole content of my uploads folder, and this scares me cause of the possibility of my website being hacked/exploited through this very folder.