There is no "i agree or disagree" i'm afraid.
I checked several other security issues of HIS site (a habbit of mine) and found also an other related one. So he has a problem.
The goal here is not to hide the problem of a wrong server or website security setup, but to point the problem to the user so he can ask for a fix to his hosting.
Hiding a problem is not good because this will come back in some other form, and the user will get here and blaim wpForo plugin or suggest that the problem is somehow related. And we do not want that.
It is like some people saying that if a warning/notice/error shows in debug of Wordpress, then just turn off the debug and we are all good.
Finally FYI all files and directories are by DEFAULT 644 & 755 and no index is set to all directories without the need to include that in .htaccess. That is IF a server or plan is correctly set.
My apologies for my previous post, I got irked and felt berated. My own defenses kicked in. I mean no disrespect to this Community or the Staff and the Support Team.
So now going back to the issue reported in the Bug Report Forum, a question by @tomiradi, which is the real important matter here:
The following wpforo subfolders (and their corresponding subfolders) show the Index of the following:
wpf-admin
wpf-assets
wpf-includes
wpf-languages <- only this one has the blank index.php
wpf-themes
The OP, tomiradi, reported that the "folder displays". I checked my own installation and I saw it on mine too, so I made the above suggestion (to create an index.html file and upload it to the specific folders that don't have it.).
I don't know if this is by design, or a bug, since when I checked the wpforo website, the same index also displays here on the wpForo website as well (please see attached screenshot).
https://wpforo.com/wp-content/plugins/wpforo/wpf-assets/
If I may suggest, maybe on future updates, to add an index.php to these folders and subfolders, so that the folders do not display, as this would in effect, disable the directory listing.
I am suggesting this for the benefit of those of us who are not so high-tech as the other long time member projects here, making people like me and other newbies feel stupid because he goes out of his way to actually write condescendingly to others, whose technical knowledge he deems to be lower than his, without actually providing ANY actionable help.
A solution that helps one, can help many. But insulting someone who reports a bug, or berating someone who offers an actionable suggestion in the hope of fixing an issue, is out of place, especially in the absence of another much better actionable suggestion.
People go here to request for assistance, we (members) shouldn't be afraid to do that in fear of being insulted by another member.
We were all once newbies at this. Mastering this forum plugin doesn't make any of us "experts", it just means we learned it sooner. And the newbies will learn it too, provided that others encourage and explain it to them in a non-judgmental way. 🙂
I hope you can enlighten us Robert, or Sofy, or Martin, on how to best proceed with the issue of these folders and subfolders displaying, in accordance to your own best practice, as you are the TRUE developers of this great Forum, you would know how to troubleshoot this best.
I'm attaching the screenshot of the folders displaying, which also displays here at the wpForo website.
https://wpforo.com/wp-content/plugins/wpforo/wpf-assets/
Thanks! 🙂
This is what i get in all my installations without any changes in my htaccess (no index or whatever).
But here also in this site, i can see files and directories and also VIEW files (js or png etc) as the above poster says (along with some drama).
Because your hosting company (or anyone else who did the server setup) didn't set this correctly.
Edit your .htaccess and add line:
Options -Indexes
This has nothing to do with wpForo or even Wordpress.
Hi @anonymous20,
Thank you for your help indeed, you know that we really appreciate it, you've helped lots of wpForo members since the community is opened, but I have to ask you again to be tolerant to other users suggestions and helps. You should only care about your suggestions and don't do sharp comments on other members posts. You can report any post you think is incorrect, but please don't force your opinion to other members.
There is nothing so dangerous here for sure. This is an alternative solution that is used very often by software developers and website administrators. On the other hand all solutions are not 100% safe in case a pro hacker decided to hack your website.
@tomiradi, you can use which solution you want, both are correct:
by @crisw: https://wpforo.com/community/general-forums-bug-reports/directory-visible/#post-39222
by @anonymous20: https://www.netsparker.com/blog/web-security/disable-directory-listing-web-servers/
Thank you for your understanding. The topic is closed.