I just completed 14 Days of WordPress Plugins + 7 Bonus Plugins!

Disable Directory Listings

Author:Scott Reilly
Version:1.0
Last update:07 April 2008
Compatibility:WP 2.0+, 2.1+, 2.2+, 2.3+ and 2.5+
Comments:go here
Download:[ zip ]
Description:

Prevent virtual directory listing services from listing the contents of directories, and/or show a page in place of a directory’s listing.

Extended Description

Web servers can be configured to automatically display the listings of the contents of a web site’s file directory if no index file (i.e. index.html or index.php) is present. This can expose files and information to visitors. Of course the web server could be configured to not do this, but sometimes you don’t have permission (you’re on a shared host), the know-how, or you want to selectively disallow virtual directory listings. That’s where this plugin can help.

By default, the following directories are protected:
wp-include/, wp-content/, wp-content/plugins/, and wp-content/themes/

It does NOT protect any other directory by default. You can change the setting to change this.

NOTE: After plugin activation/deactivation, you may need to update the permalink structure for your site if your .htaccess file is not writable.

If you want to test if your site has virtual directory listings enabled, try visiting www.yoursite.com/wp-content/plugins. If you see a listing of plugin files, then virtual directory listing is enabled for your site. (Obviously, you’d type in your blog’s own domain name and not literally ‘www.yoursite.com’.)

Features:
* Prevent users from seeing the contents of certain (or all) directories on your site (assuming your web server generates virtual directory listings)
* Allows you to use a WordPress page as the index for a directory (that doesn’t already have )

By default, the following directories are protected:
* wp-include/
* wp-content/
* wp-content/plugins/
* wp-content/themes/
* It does NOT protect any other directory by default. You can change the setting to change this.

TIP: When this plugin is activated (the permalink structure is updated as per the instructions below), WordPress will generate the themed 404 - Not Found page. If you were to create a Page with the same name as one of the directories being disabled (i.e. ‘wp-includes’ or ‘wp-content’) then that page will be displayed instead of the 404 error message. If you want to display a page for the ‘plugins’ and ‘themes’ directory, you must create them as children pages of the ‘wp-content’ page.

Compatible with WordPress 2.0+, 2.1+, 2.2+, 2.3+, and 2.5.

Screenshots

  • A screenshot of the admin options page for the plugin showing the options input fields.
    screenshot 1

Installation

  1. Download the file disable-directory-listings.zip and unzip it into your wp-content/plugins/ directory.
  2. Activate the plugin through the ‘Plugins’ admin menu in WordPress
  3. Go to the new Options → Directory Listings (or in WP 2.5: Settings → Directory Listings) admin options page. Optionally customize the list of directories.
  4. If the plugin’s admin options page says that your .htaccess file is not writable, then you must manually update your .htaccess file with the changes it has made. Go to the Options → Permalink (or in WP 2.5: Settings → Permalink) admin options page and follow the instructions to update your .htaccess.

    NOTE: If your .htaccess is not writable, then you must perform step 4 when activating or deactivating the plugin, and when updating the plugin’s options. Otherwise, step 4 is not necessary.

Frequently Asked Questions

  • Q: How do I make a WordPress page appear when a user tries to access a directory on my site?

    A: Create a page (not post) with the same name as the directory. And ensure the directory is listed in the plugin’s settings (found at Options → Directory Listings (or in WP 2.5: Settings → Directory Listings)). If the directory you wish to create a page for is below another directory (relative to the root directory of your site) such as wp-content/plugins, then you must first create a page named wp-content, and then a page named ‘plugins’ which you need to make a child page of wp-content.

  • Q: I’ve activated the plugin but I can still see the directory listing for one of the directories protected by default; what gives?

    A: Is your .htaccess writable? Visit the plugin’s options page, Options → Directory Listings (or in WP 2.5: Settings → Directory Listings), to check and find out more info.


Release Log


Copyright & Disclaimer

Copyright © 2006-2008 by Scott Reilly (aka coffee2code)

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.