The Hole In Your WordPress Site

Posted on June 17th, 2014 by Jean

If you have a self-hosted WordPress website, chances are that you have a hole in your site. A hole that allows others unrestricted access to your jpg, pdf and movie files.

To find out, type your WordPress site's address into your browser, followed by /wp-content/uploads

Do you see what I see?

wordpress files exposed

Those are your uploads divided by year. Inside of each year, your uploads are divided by month. And I, or anyone, have access.

I stumbled upon this by accident, accessing the motherlode of a file, which I cannot divulge. When I looked at my browser bar, I saw the website’s address followed by /wp-content/uploads

When the realization hit me that MY WordPress files were ALSO vulnerable, I dove into action, finding a way to block access while still allowing my site to function. What we are striving to do here is have the web server return a 403 page telling the visitor that access is forbidden.

I found the solution to be very simple. We need to add Options -Indexes to the bottom of our .htaccess file. Your .htaccess file is in the root directory of your website. You will need to access your FTP files through your website host.

Step 1: Log in to your cPanel at your hosting site. The address can be https:// followed by your site name and then /cpanel

cpanel log in

STEPS 1, 2 AND 3

Step 2: Choose “File Manager”

Step 3: Choose “Home Directory” and check “Show Hidden Files”

Step 4: From your Home Directory, type .htaccess in your search toolbar

edit your htaccess file

STEPS 4, 5 AND 6

Step 5: When the .htaccess file appears in the search results, double-click to choose it.

Step 6: Select .htaccess from the list that appears. (For some reason I can never see the .htaccess file prior to searching for it.)

Edit your htaccess file in cpanel



Step 7: With your .htaccess file selected, choose “Code Editor” from your toolbar menu.

Step 8: Leave the default settings on the pane which opens, and select “Edit”.

Step 9: Add Options -Indexes to the last line, and save the file.

You are done. Go ahead, try to access your site/wp-content/uploads. Do you see a big red 403 message? I do!

403 Forbidden

If you have ANY trouble with this, let me know. I’d be more than happy to help.
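The before-and-after check from this post can also be scripted. The following is an added example, not part of the original post: it requests /wp-content/uploads/ on a site you run and reports whether the server still returns a folder listing or now answers 403. The function names and the sample HTML are constructed for illustration, and the listing detection assumes Apache's auto-generated "Index of" page.

```python
import re
import sys
import urllib.error
import urllib.request

# Title of Apache's auto-generated folder listing (assumption: other servers differ).
INDEX_MARKER = re.compile(r"<title>\s*Index of /", re.IGNORECASE)
# Links to the year folders WordPress creates under uploads.
YEAR_LINK = re.compile(r'href="((?:19|20)\d{2})/"')

# Constructed sample of a listing page, used when no site address is given.
SAMPLE_LISTING = """<html><head><title>Index of /wp-content/uploads</title></head>
<body><h1>Index of /wp-content/uploads</h1>
<a href="/wp-content/">Parent Directory</a>
<a href="2013/">2013/</a> <a href="2014/">2014/</a></body></html>"""


def classify(status, body):
    """Return (verdict, visible_year_folders) for one response."""
    if status == 403:
        return "blocked", []          # what Options -Indexes should produce
    if status == 200 and INDEX_MARKER.search(body):
        return "listing-exposed", sorted(set(YEAR_LINK.findall(body)))
    if status == 200:
        return "no-listing", []       # e.g. an index file sits in the folder
    return "other-%d" % status, []


def check_site(base_url, timeout=10):
    """Fetch the uploads folder of your own site and classify the answer."""
    url = base_url.rstrip("/") + "/wp-content/uploads/"
    req = urllib.request.Request(url, headers={"User-Agent": "uploads-index-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            status = resp.status
            body = resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        status, body = err.code, ""   # 403 and 404 arrive as exceptions
    return classify(status, body)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(check_site(sys.argv[1]))
    else:
        print(classify(200, SAMPLE_LISTING))
```

Options -Indexes only turns off the folder listing; an uploaded file is still served to anyone who has its full address.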

Pixlr | Free Online Photo Editor

Posted on October 16th, 2013 by Jean

This is a fun tutorial to show how to use Pixlr Express, a free online photo editor. It can give your photos a fresh, unique look. I use it to create collages.

Pixlr Collage by Jean

The steps are easy.

1. Visit Pixlr Express and “click” Collage. Choose Layout, upload your photos and begin editing.

Pixlr Tutorial

2. To apply different effects to each photo, click on the paintbrush at the top of each photo. Apply effects, then save to return to the collage.

Pixlr Tutorial step 2

3. To apply the same effect to all of the photos, choose Finished. Then apply effects.

Pixlr Tutorial step 3

Edit options include Adjustment, Effect, Overlay, Border, Sticker, and Text. Select each one to see your choices. With Adjustment, you can rotate, crop, lighten, etc. Effects contain the filters. Overlays are bursts of images.

Pixlr Effects

When finished, save to your computer.

Pixlr Tutorial save

My edits in the top collage were as follows:
Top Left = Jenna Sue Text
Top Right = Hagrid Effect
Bottom Left = Satya, Gram, Helena and Hans Effects
Bottom Right = Tom and Ingrid Effects, bronze and Roger Overlays


Here’s one my daughter made! Now I’m holding a pop-tart while a monkey plays on the lawn. Super sweet!

Pixlr Express is also available to download for FREE to your iPad or iPhone.

Give it a try, and share your results!

Simply Instagram Plugin

Posted on November 7th, 2012 by Jean

I just installed the Simply Instagram Plugin which allows me to include my Instagram feed in my WordPress sidebar. Once installed and the settings updated, you drag the Simply Instagram: Recent Media widget to your sidebar, and customize your title, description, # of photos, etc. The Simply Instagram: Latest Feed actually shows photos of those you follow instead of your own photos.
Before installing this particular widget, I installed the Easy Instagram plugin, but not only was it complicated to activate, but it showed my full name under my photos. Editing my Instagram profile did not correct the problem, and neither did deactivating/reactivating the plugin.
Have you been bitten by the Instagram bug?