{"id":487,"date":"2013-05-23T10:36:53","date_gmt":"2013-05-23T09:36:53","guid":{"rendered":"http:\/\/wphelpclub.com\/blog\/?p=487"},"modified":"2014-02-11T14:45:20","modified_gmt":"2014-02-11T13:45:20","slug":"wordpress-content-protection","status":"publish","type":"post","link":"https:\/\/wphelpclub.com\/blog\/wordpress-content-protection\/","title":{"rendered":"Can anyone steal your content? Find out now if you&#8217;re protected"},"content":{"rendered":"<p>I have been working on a blog post for <del datetime=\"2020-05-22T08:44:37+00:00\">over a week now<\/del> a while regarding WordPress security and as I was going through my notes I had an idea : so I picked 5 websites randomly from people that belong to a facebook group where I hang out regularly to check if their uploaded content was protected. The result blew my mind: 4 out of 5 websites were not protected!<\/p>\n<p><!--more--><\/p>\n<p>(If you are part of our maintenance program, no worries you are protected already \ud83d\ude42 )<\/p>\n<p>If you have a WordPress site you absolutely need to read this: I am going to share with you how to check if your content is accessible by anyone, and I&#8217;ll show a quick fix to prevent your folders from being browsed, and that something you can do yourself, right now. (and no, creating a index.html file is not enough).<\/p>\n<p><!--more--><\/p>\n<p><strong>1) Find out if your content is exposed:<\/strong><br \/>\nTo find out if your content is not secure, in your browser go to the following url :<\/p>\n<p><strong><span style=\"color: #6ea50a;\">[yourwebsiteurl]\/wp-content\/uploads<\/span><\/strong><br \/>\njust replace [yourwebsiteurl] with your domain name like wphelpclub.com for me.<\/p>\n<p>if you see a list that looks like the picture below with jpg and pdfs, folders like 2011, 2012, 2013 (this is where all your images and pdfs you uploaded are stored), that means that everything that you uploaded to your server can be downloaded by anyone: \u00a0your online courses pdfs, downloadable sheets, images, even your backups!! All they have to do is right click and save the files to their computer!!<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-489\" alt=\"screenshot-uploads\" src=\"http:\/\/wphelpclub.com\/blog\/wp-content\/uploads\/2013\/05\/screenshot-uploads.png\" width=\"589\" height=\"303\" srcset=\"https:\/\/wphelpclub.com\/blog\/wp-content\/uploads\/2013\/05\/screenshot-uploads.png 589w, https:\/\/wphelpclub.com\/blog\/wp-content\/uploads\/2013\/05\/screenshot-uploads-300x154.png 300w\" sizes=\"auto, (max-width: 589px) 100vw, 589px\" \/><\/p>\n<p><strong>2) If you&#8217;re vulnerable, do not panic, it&#8217;s been there for months if not years, it does not have to be fixed this second, so.. deep breath.. let&#8217;s do something right now to block access to this folder and all the files and folders below it!<\/strong><\/p>\n<p>1) You will need to login to your Control panel on your hosting account (also called cpanel, make sure you can view hidden files because we are going to edit a hidden file that starts with a . )<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-615\" alt=\"hiddenfiles\" src=\"http:\/\/wphelpclub.com\/blog\/wp-content\/uploads\/2013\/05\/hiddenfiles.png\" width=\"451\" height=\"330\" srcset=\"https:\/\/wphelpclub.com\/blog\/wp-content\/uploads\/2013\/05\/hiddenfiles.png 451w, https:\/\/wphelpclub.com\/blog\/wp-content\/uploads\/2013\/05\/hiddenfiles-300x219.png 300w\" sizes=\"auto, (max-width: 451px) 100vw, 451px\" \/><\/p>\n<p>2) look for the file .htaccess in the folder where WordPress is installed, for me it&#8217;s public_html<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-616\" alt=\"thefile\" src=\"http:\/\/wphelpclub.com\/blog\/wp-content\/uploads\/2013\/05\/thefile.png\" width=\"624\" height=\"536\" srcset=\"https:\/\/wphelpclub.com\/blog\/wp-content\/uploads\/2013\/05\/thefile.png 624w, https:\/\/wphelpclub.com\/blog\/wp-content\/uploads\/2013\/05\/thefile-300x257.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/p>\n<p>3) edit the file (select it then click on edit)<br \/>\nadd the following line to the file:<\/p>\n<p>Options -Indexes<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-617\" alt=\"htaccess-browserfolders\" src=\"http:\/\/wphelpclub.com\/blog\/wp-content\/uploads\/2013\/05\/htaccess-browserfolders.png\" width=\"426\" height=\"403\" srcset=\"https:\/\/wphelpclub.com\/blog\/wp-content\/uploads\/2013\/05\/htaccess-browserfolders.png 426w, https:\/\/wphelpclub.com\/blog\/wp-content\/uploads\/2013\/05\/htaccess-browserfolders-300x283.png 300w\" sizes=\"auto, (max-width: 426px) 100vw, 426px\" \/><\/p>\n<p>Save the file and that&#8217;s it!! Give it a try!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I have been working on a blog post for over a week now a while regarding WordPress security and as I was going through my notes I had an idea : so I picked 5 websites randomly from people that belong to a facebook group where I hang out regularly to check if their uploaded [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[36,7,6],"tags":[40,41,38,37],"class_list":["post-487","post","type-post","status-publish","format-standard","hentry","category-security","category-technical-tips","category-wordpress-tips","tag-content-protection","tag-wordpress-hackers","tag-wordpress-protection","tag-wordpress-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Can anyone still your website content? Find out if you&#039;re protected<\/title>\n<meta name=\"description\" content=\"If you have a WordPress site you absolutely need to read this: how to check if your content is accessible by anyone + quick fix to protect your downloads\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/wphelpclub.com\/blog\/wordpress-content-protection\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Nathalie DOREMIEUX\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/wphelpclub.com\/blog\/wordpress-content-protection\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/wphelpclub.com\/blog\/wordpress-content-protection\/\"},\"author\":{\"name\":\"Nathalie DOREMIEUX\",\"@id\":\"https:\/\/wphelpclub.com\/blog\/#\/schema\/person\/8ca103ff9c8097bdcf31526b19ed8739\"},\"headline\":\"Can anyone steal your content? Find out now if you&#8217;re protected\",\"datePublished\":\"2013-05-23T09:36:53+00:00\",\"dateModified\":\"2014-02-11T13:45:20+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/wphelpclub.com\/blog\/wordpress-content-protection\/\"},\"wordCount\":394,\"commentCount\":17,\"image\":{\"@id\":\"https:\/\/wphelpclub.com\/blog\/wordpress-content-protection\/#primaryimage\"},\"thumbnailUrl\":\"http:\/\/wphelpclub.com\/blog\/wp-content\/uploads\/2013\/05\/screenshot-uploads.png\",\"keywords\":[\"content protection\",\"wordpress hackers\",\"wordpress protection\",\"wordpress security\"],\"articleSection\":[\"Security\",\"Technical Tips\",\"WordPress Tips\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/wphelpclub.com\/blog\/wordpress-content-protection\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/wphelpclub.com\/blog\/wordpress-content-protection\/\",\"url\":\"https:\/\/wphelpclub.com\/blog\/wordpress-content-protection\/\",\"name\":\"Can anyone still your website content? Find out if you're protected\",\"isPartOf\":{\"@id\":\"https:\/\/wphelpclub.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/wphelpclub.com\/blog\/wordpress-content-protection\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/wphelpclub.com\/blog\/wordpress-content-protection\/#primaryimage\"},\"thumbnailUrl\":\"http:\/\/wphelpclub.com\/blog\/wp-content\/uploads\/2013\/05\/screenshot-uploads.png\",\"datePublished\":\"2013-05-23T09:36:53+00:00\",\"dateModified\":\"2014-02-11T13:45:20+00:00\",\"author\":{\"@id\":\"https:\/\/wphelpclub.com\/blog\/#\/schema\/person\/8ca103ff9c8097bdcf31526b19ed8739\"},\"description\":\"If you have a WordPress site you absolutely need to read this: how to check if your content is accessible by anyone + quick fix to protect your downloads\",\"breadcrumb\":{\"@id\":\"https:\/\/wphelpclub.com\/blog\/wordpress-content-protection\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/wphelpclub.com\/blog\/wordpress-content-protection\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/wphelpclub.com\/blog\/wordpress-content-protection\/#primaryimage\",\"url\":\"http:\/\/wphelpclub.com\/blog\/wp-content\/uploads\/2013\/05\/screenshot-uploads.png\",\"contentUrl\":\"http:\/\/wphelpclub.com\/blog\/wp-content\/uploads\/2013\/05\/screenshot-uploads.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/wphelpclub.com\/blog\/wordpress-content-protection\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/wphelpclub.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Can anyone steal your content? Find out now if you&#8217;re protected\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/wphelpclub.com\/blog\/#website\",\"url\":\"https:\/\/wphelpclub.com\/blog\/\",\"name\":\"WP Help Club Blog\",\"description\":\"WordPress Tutorials and News\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/wphelpclub.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/wphelpclub.com\/blog\/#\/schema\/person\/8ca103ff9c8097bdcf31526b19ed8739\",\"name\":\"Nathalie DOREMIEUX\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/wphelpclub.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/82baece9470e0852eb4cf26a2f1eb24d0edc65a0105410afaedc0764bd27b174?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/82baece9470e0852eb4cf26a2f1eb24d0edc65a0105410afaedc0764bd27b174?s=96&d=mm&r=g\",\"caption\":\"Nathalie DOREMIEUX\"},\"sameAs\":[\"http:\/\/wphelpclub.com\",\"https:\/\/x.com\/https:\/\/twitter.com\/natdoremieux\"],\"url\":\"https:\/\/wphelpclub.com\/blog\/author\/nathalie\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Can anyone still your website content? Find out if you're protected","description":"If you have a WordPress site you absolutely need to read this: how to check if your content is accessible by anyone + quick fix to protect your downloads","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/wphelpclub.com\/blog\/wordpress-content-protection\/","twitter_misc":{"Written by":"Nathalie DOREMIEUX","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/wphelpclub.com\/blog\/wordpress-content-protection\/#article","isPartOf":{"@id":"https:\/\/wphelpclub.com\/blog\/wordpress-content-protection\/"},"author":{"name":"Nathalie DOREMIEUX","@id":"https:\/\/wphelpclub.com\/blog\/#\/schema\/person\/8ca103ff9c8097bdcf31526b19ed8739"},"headline":"Can anyone steal your content? Find out now if you&#8217;re protected","datePublished":"2013-05-23T09:36:53+00:00","dateModified":"2014-02-11T13:45:20+00:00","mainEntityOfPage":{"@id":"https:\/\/wphelpclub.com\/blog\/wordpress-content-protection\/"},"wordCount":394,"commentCount":17,"image":{"@id":"https:\/\/wphelpclub.com\/blog\/wordpress-content-protection\/#primaryimage"},"thumbnailUrl":"http:\/\/wphelpclub.com\/blog\/wp-content\/uploads\/2013\/05\/screenshot-uploads.png","keywords":["content protection","wordpress hackers","wordpress protection","wordpress security"],"articleSection":["Security","Technical Tips","WordPress Tips"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/wphelpclub.com\/blog\/wordpress-content-protection\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/wphelpclub.com\/blog\/wordpress-content-protection\/","url":"https:\/\/wphelpclub.com\/blog\/wordpress-content-protection\/","name":"Can anyone still your website content? Find out if you're protected","isPartOf":{"@id":"https:\/\/wphelpclub.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/wphelpclub.com\/blog\/wordpress-content-protection\/#primaryimage"},"image":{"@id":"https:\/\/wphelpclub.com\/blog\/wordpress-content-protection\/#primaryimage"},"thumbnailUrl":"http:\/\/wphelpclub.com\/blog\/wp-content\/uploads\/2013\/05\/screenshot-uploads.png","datePublished":"2013-05-23T09:36:53+00:00","dateModified":"2014-02-11T13:45:20+00:00","author":{"@id":"https:\/\/wphelpclub.com\/blog\/#\/schema\/person\/8ca103ff9c8097bdcf31526b19ed8739"},"description":"If you have a WordPress site you absolutely need to read this: how to check if your content is accessible by anyone + quick fix to protect your downloads","breadcrumb":{"@id":"https:\/\/wphelpclub.com\/blog\/wordpress-content-protection\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/wphelpclub.com\/blog\/wordpress-content-protection\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/wphelpclub.com\/blog\/wordpress-content-protection\/#primaryimage","url":"http:\/\/wphelpclub.com\/blog\/wp-content\/uploads\/2013\/05\/screenshot-uploads.png","contentUrl":"http:\/\/wphelpclub.com\/blog\/wp-content\/uploads\/2013\/05\/screenshot-uploads.png"},{"@type":"BreadcrumbList","@id":"https:\/\/wphelpclub.com\/blog\/wordpress-content-protection\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/wphelpclub.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Can anyone steal your content? Find out now if you&#8217;re protected"}]},{"@type":"WebSite","@id":"https:\/\/wphelpclub.com\/blog\/#website","url":"https:\/\/wphelpclub.com\/blog\/","name":"WP Help Club Blog","description":"WordPress Tutorials and News","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/wphelpclub.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/wphelpclub.com\/blog\/#\/schema\/person\/8ca103ff9c8097bdcf31526b19ed8739","name":"Nathalie DOREMIEUX","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/wphelpclub.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/82baece9470e0852eb4cf26a2f1eb24d0edc65a0105410afaedc0764bd27b174?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/82baece9470e0852eb4cf26a2f1eb24d0edc65a0105410afaedc0764bd27b174?s=96&d=mm&r=g","caption":"Nathalie DOREMIEUX"},"sameAs":["http:\/\/wphelpclub.com","https:\/\/x.com\/https:\/\/twitter.com\/natdoremieux"],"url":"https:\/\/wphelpclub.com\/blog\/author\/nathalie\/"}]}},"_links":{"self":[{"href":"https:\/\/wphelpclub.com\/blog\/wp-json\/wp\/v2\/posts\/487","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wphelpclub.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wphelpclub.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wphelpclub.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/wphelpclub.com\/blog\/wp-json\/wp\/v2\/comments?post=487"}],"version-history":[{"count":1,"href":"https:\/\/wphelpclub.com\/blog\/wp-json\/wp\/v2\/posts\/487\/revisions"}],"predecessor-version":[{"id":995,"href":"https:\/\/wphelpclub.com\/blog\/wp-json\/wp\/v2\/posts\/487\/revisions\/995"}],"wp:attachment":[{"href":"https:\/\/wphelpclub.com\/blog\/wp-json\/wp\/v2\/media?parent=487"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wphelpclub.com\/blog\/wp-json\/wp\/v2\/categories?post=487"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wphelpclub.com\/blog\/wp-json\/wp\/v2\/tags?post=487"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}