
Description
How it works
The Directory Index Guard plugin works by updating the Apache .htaccess file to include the directive Options -Indexes. This saves you from having to edit the file yourself via FTP or some other mechanism.
Features
Easily turn directory indexes off with one click.
Scan directory structure to check for exposed directory indexes.
Provides a report of which directories are safe or exposed.
Checks to make sure protection is still enabled after the .htaccess file is edited or updated by another process.
Creates a backup of the existing .htaccess before modifying.
Checks the syntax of the .htaccess file for errors before saving.
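An added example, not the plugin's own code: a Python version of the check-and-protect step these features describe. It works out whether a .htaccess file leaves directory listings on, appends Options -Indexes if so, and keeps a backup first. It assumes Apache is allowed to honor Options in .htaccess (AllowOverride), ignores <IfModule> and <Files> section context, and uses a hypothetical .bak backup suffix.

```python
import shutil
from pathlib import Path

DIRECTIVE = "Options -Indexes"  # the directive named on this page

def indexes_state(text):
    """True = listings enabled, False = disabled, None = file does not decide."""
    state = None
    for raw in text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#") or parts[0].lower() != "options":
            continue
        opts = [p.lower() for p in parts[1:]]
        if any(o[0] not in "+-" for o in opts):
            # Absolute list replaces earlier settings: Indexes is on only if
            # it (or All) is named, so "Options FollowSymLinks" turns it off.
            state = "indexes" in opts or "all" in opts
        else:
            # Relative form: only +Indexes / -Indexes change the state.
            for o in opts:
                if o in ("+indexes", "-indexes"):
                    state = o[0] == "+"
    return state

def protect(text):
    """Return text with listings disabled; unchanged if already disabled."""
    if indexes_state(text) is False:
        return text
    sep = "" if text == "" or text.endswith("\n") else "\n"
    return f"{text}{sep}{DIRECTIVE}\n"

def harden_file(path, backup_suffix=".bak"):  # suffix is a hypothetical choice
    """Back up and rewrite one .htaccess; return True if it was modified."""
    path = Path(path)
    old = path.read_text() if path.exists() else ""
    new = protect(old)
    if new == old:
        return False
    if path.exists():
        shutil.copy2(path, path.with_name(path.name + backup_suffix))
    path.write_text(new)
    return True

# Constructed sample: a later edit by another tool re-enabled listings.
SAMPLE = ("# BEGIN WordPress\nRewriteEngine On\n# END WordPress\n"
          "Options -Indexes\nOptions +Indexes +FollowSymLinks\n")
```

Re-running harden_file after any other tool touches .htaccess is the "is protection still enabled" check: it returns False when nothing had to change.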
What is a Web Server Directory Listing?
A web server directory listing, commonly called a directory index, is a list of the contents in a folder stored on your WordPress server. Similar to your local computer directory, a web server has a directory structure for storing files and folders. If directory listings are turned on, the server will show all files and subfolders contained in that directory. The files can be viewed or downloaded, and you can move into and out of subfolders like you would on your local computer.
Why is this dangerous?
Often, backups of critical WordPress configuration files are made before making changes and then stored in a directory on the server. These backups can potentially contain your WordPress administrator or database password. The source code for plugins, themes, and administrative functions is also stored in directories on the server. None of these files are intended for public viewing. Hackers can use directory listings to download these files and create a road map of how to exploit vulnerabilities in your site. If they contain your WordPress administrator password, your entire site and all of your customer data are at risk. To make this worse, hackers can scan for these files with a script, on thousands of websites at a time, and hack your site or sell the information on the dark web. Common identity theft programs may not scan for WordPress configuration passwords. Turning off directory listings is absolutely critical for the security of your site.
