コード例 #1
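 /** Try to create the index.php file in the wp-content, wp-content/plugins, wp-content/themes and wp-content/uploads directories to prevent directory listing */
 public static function fix_preventDirectoryListing()
 {
     // NOTE(review): the one-line docblock above is identical to the option label passed to the
     // alerts below; it is kept verbatim in case the settings page reads it - TODO confirm.
     //
     // What this method does:
     //   1. Raises an alert stating whether the directory-listing option is enabled; returns if it is not.
     //   2. For each of the four directories that exists, makes sure an index.php placeholder is present,
     //      creating it when the directory is writable, and raises one alert with the resulting state.
     //
     // Scope of the mitigation: a placeholder index file only suppresses the listing of the directory
     // it sits in. Nested directories (for example dated folders under uploads) are not covered, so
     // disabling automatic indexes in the web server configuration (Apache "Options -Indexes",
     // nginx "autoindex off") remains the more complete control.
     global $wpsPluginAlertsArray;

     $optionLabel = 'Try to create the index.php file in the wp-content, wp-content/plugins, wp-content/themes and wp-content/uploads directories to prevent directory listing';

     // The line breaks and indentation inside these literals are part of the gettext msgid:
     // do not re-indent them, or existing translations stop matching.
     $riskText = __('<p>A directory listing provides an attacker with the complete index of all the resources located inside of the directory.
                 The specific risks and consequences vary depending on which files are listed and accessible.
                 Therefore, it is important to protect your directories by having an empty index.php or index.htm file inside them.</p>', WpsSettings::TEXT_DOMAIN);
     $fixText = sprintf(__('<p>This plugin can automatically create an empty <strong>index.php</strong> file in the following directories: wp-content, wp-content/plugins, wp-content/themes and wp-content/uploads if
                 the option <strong>"%s"</strong> is checked on the plugin\'s settings page.</p>', WpsSettings::TEXT_DOMAIN), $optionLabel);

     $actionName = $wpsPluginAlertsArray['fix_wp_dir_listing']['name'];
     $alertType = $wpsPluginAlertsArray['fix_wp_dir_listing']['type'];

     /* This check is important so this function will run only if the user enables it. */
     if (!self::isSettingEnabled(__FUNCTION__)) {
         self::alert($actionName, $alertType, WpsSettings::ALERT_MEDIUM, __('Directory listing check is disabled. This option should be enabled.', WpsSettings::TEXT_DOMAIN), $riskText, $fixText);
         return;
     }
     self::alert($actionName, $alertType, WpsSettings::ALERT_INFO, __('Directory listing check is enabled.', WpsSettings::TEXT_DOMAIN), $riskText);

     // Placeholder content: the script exits immediately, so requesting it returns an empty response.
     $data = '<?php exit;?>';
     $contentDir = trailingslashit(WP_CONTENT_DIR);

     // Alert key => (directory on disk, label shown in the alert title).
     // NOTE(review): the uploads location is assumed to be wp-content/uploads; a site that relocates
     // its uploads directory is not covered by this check - confirm whether that matters here.
     $targets = array(
         'fix_wp_index_content' => array($contentDir, '/wp-content'),
         'fix_wp_index_plugins' => array($contentDir . 'plugins', '/wp-content/plugins'),
         'fix_wp_index_themes' => array($contentDir . 'themes', '/wp-content/themes'),
         'fix_wp_index_uploads' => array($contentDir . 'uploads', '/wp-content/uploads'),
     );

     foreach ($targets as $alertKey => $target) {
         list($dir, $label) = $target;

         // A missing directory produces no alert at all.
         if (!is_dir($dir)) {
             continue;
         }

         $actionName = $wpsPluginAlertsArray[$alertKey]['name'];
         $alertType = $wpsPluginAlertsArray[$alertKey]['type'];

         // trailingslashit() normalises the separator, so no "//index.php" is produced for wp-content.
         $file = trailingslashit($dir) . 'index.php';
         $isProtected = is_file($file);

         if (!$isProtected && is_writable($dir)) {
             WsdUtil::writeFile($file, $data);

             // Re-check the disk instead of assuming the write succeeded, so a failed write
             // is reported as "not secure" rather than as a false all-clear.
             clearstatcache();
             $isProtected = is_file($file);

             if ($isProtected) {
                 // The mode must be an octal integer: the string '0644' is converted to decimal 644,
                 // which yields an unintended permission set. Best effort, hence the suppression.
                 @chmod($file, 0644);
             }
         }

         if ($isProtected) {
             self::alert($actionName, $alertType, WpsSettings::ALERT_INFO, sprintf(__('<strong>"%s"</strong> directory is secure from directory listing.', WpsSettings::TEXT_DOMAIN), $label), $riskText);
         } else {
             self::alert($actionName, $alertType, WpsSettings::ALERT_MEDIUM, sprintf(__('<strong>"%s"</strong> directory is not secure from directory listing.', WpsSettings::TEXT_DOMAIN), $label), $riskText, $fixText);
         }
     }
 }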