I’ve talked previously about How To Protect Your WordPress Site With Some Simple Tweaks To The .htaccess. In today’s guide, we are going to go one step further and set up some custom error pages to stop your website from showing sensitive data that a hacker could use to exploit your website.
If you followed the advice in my previous article and enabled directory browsing, then when you type, for example, ‘www.yourdomain.com/wp-content/uploads/’ you should see this error:
This one tells users that a file exists, and in some circumstances you may return a default error page that contains information about your webroot’s file path. Instead, it’s a lot more secure to only show a blank screen. This can be done quite simply. First, create a file called error.html and use this:
<html>
  <head>
  </head>
  <body>
    Nope
  </body>
</html>
In your .htaccess file you then need to add this snippet:
ErrorDocument 403 /error.html
Obviously, you can change 403 to any error status you want. When you now visit ‘www.yourdomain.com/wp-content/uploads/’ you will see this:
In today’s guide, we’ve covered how to set up a custom error page for our newly protected WordPress site. By using the ErrorDocument directive, the error status code and the file we want to redirect to, we can keep potentially sensitive data from being exposed to hackers.
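
To confirm the custom page is actually being served and discloses nothing, you can scan the error bodies your site returns for the kinds of detail discussed above. The script below is an added example, not code from the original article; the function names, the pattern list and the three sample bodies are assumptions constructed for illustration.

```python
import re

# Categories of information an error body should not disclose.
LEAK_PATTERNS = {
    "filesystem path": re.compile(
        r"(?:/(?:var|home|srv|usr)/[\w./-]+|\b[A-Za-z]:\\[\w.\\-]+)"),
    "server banner": re.compile(r"\b(?:Apache|nginx|PHP)/\d[\w.]*", re.I),
    "server signature": re.compile(r"<address>.*?</address>", re.I | re.S),
    "directory listing": re.compile(r"<title>\s*Index of /", re.I),
}

def audit_error_body(body):
    """Return the sorted leak categories found in one error response body."""
    return sorted(name for name, rx in LEAK_PATTERNS.items() if rx.search(body))

def audit_site(bodies_by_status):
    """Map each status code to its findings; an empty list means no match."""
    return {status: audit_error_body(body)
            for status, body in bodies_by_status.items()}

# Constructed samples (not captured from a real server).
DEFAULT_403 = """<html><head><title>403 Forbidden</title></head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /wp-content/uploads/ on this server.</p>
<hr>
<address>Apache/2.4.41 (Ubuntu) Server at www.yourdomain.com Port 80</address>
</body></html>"""

PHP_WARNING_500 = ("<b>Warning</b>: include(/var/www/html/wp-content/plugins/"
                   "example/missing.php): failed to open stream")

# The error.html from this guide.
CUSTOM_ERROR = "<html> <head> </head> <body> Nope </body> </html>"

if __name__ == "__main__":
    results = audit_site({"default 403": DEFAULT_403,
                          "php 500": PHP_WARNING_500,
                          "custom 403": CUSTOM_ERROR})
    for label, findings in results.items():
        print(f"{label}: {', '.join(findings) if findings else 'clean'}")
```

Save the bodies your own site returns for each error status and pass them to `audit_site`; any status that still reports a finding is not yet covered by an `ErrorDocument` line.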