wordpress internal path exposed

General questions pertaining to how certain issues can be resolved. This forum is closed with effect from February 2019. Please post future requests on https://github.com/sayontan/suffusion.
Forum rules
This forum is closed with effect from February 2019. Please post future requests on https://github.com/sayontan/suffusion.

1. No offensive language and no mocking
2. Please do a thorough search before you post something. Trust us, there is a high probability that the question you are asking has been asked previously.
3. No soliciting. You cannot post here soliciting bids for people offer you quotes, or even offer money to people for some work. You will be moderated if you do so. If you are looking for help, please post your request on http://jobs.wordpress.net or http://codepoet.com
4. Please be reasonable. You are getting software and support. For free. Complicated requests from a general purpose theme are not welcome and some volunteers might lose patience with you.
5. Please do your due diligence. If you posted a query and we answered with a link, take the trouble to go through the link contents.
6. Please post with complete information. Requests for help MUST be accompanied with your URL, particularly if you are asking something like "Why am I seeing a blank space?"
Locked
bootlinux
Posts: 1
Joined: 04 May 2011, 09:33

wordpress internal path exposed

Post by bootlinux » 04 May 2011, 09:49

Good Morning,

I'm not sure if this is the right place to ask this question.
I used http://sitecheck.sucuri.net/scanner/?sc ... tlinux.org to scan my site and I'm getting this warning in the scan:
Wordpress internal path: /homepages/44/d282789879/htdocs/bootlinux/wp-content/themes/suffusion/index.php

I've looked high and low on how to resolve this. Adding inserts to the .htaccess file, adding a blank index.html file and so on.
Some say it's a PHP issue, some say Apache is at fault, some say the theme is at fault........
I've tried all the suggestions I've found so far but nothing has worked.

I even scanned http://aquoid.com and guess what?
Wordpress internal path: /home/aquoid/aquoid.com/news/wp-content/themes/suffusion/index.php

I ran other wordpress sites thru this scanner and some show the warning while others do not.

I'd really like to get this warning resolved.

Any ideas, thoughts?

sayontan
Site Admin
Posts: 10210
Joined: 15 Sep 2009, 16:39
Location: Houston, Texas
Contact:

Re: wordpress internal path exposed

Post by sayontan » 04 May 2011, 10:57

I used http://sitecheck.sucuri.net/scanner/?sc ... tlinux.org to scan my site and I'm getting this warning in the scan:
Wordpress internal path: /homepages/44/d282789879/htdocs/bootlinux/wp-content/themes/suffusion/index.php
My question is just one word: so?

Pick any WP-powered site and you will get this: http://sitecheck.sucuri.net/scanner/?sc ... adlock.com, http://sitecheck.sucuri.net/scanner/?scan=diythemes.com.

This seems like a case of FUD and I doubt if it has a bearing on security.

sayontan
Site Admin
Posts: 10210
Joined: 15 Sep 2009, 16:39
Location: Houston, Texas
Contact:

Re: wordpress internal path exposed

Post by sayontan » 24 May 2011, 17:19

OK, I followed up on this, and though I believe you have switched themes this is probably worthwhile for you and others who are concerned by this. This is surely a PHP thing and can be very easily fixed with the help of your hosting providers. Basically you need to turn off a PHP setting, "display_errors". This can be done in a variety of places depending on how your hosting provider has set things up for you. One way is to put this in your .htaccess file in your WP installation:

Code: Select all

<IfModule mod_php5.c>
   php_flag display_errors off
</IfModule>
See this article for the above.

Now, if PHP is running as FastCGI, the above will not work for you. In that case you will have to modify php.ini or httpd.conf. These files are typically controlled by your hosting providers, so you have to seek their help. In general you can override settings under your host's php.ini file by defining a custom override. If you have PHP 5.3.x then this is very easy: you can create a folder called .php in your home directory, then create a folder called 5.3 under it, then add a file called phprc. In that file just put this in:

Code: Select all

display_errors = Off
That will take care of things.

Locked