Protecting directories in vBulletin & WordPress

What vBulletin directories, other than admincp can be .htaccess protected without disrupting functionality?

What about in WordPress?

 

In vBulletin you can close off the admincp, modcp, install and includes directory without affecting functionality. It also allows the attachments directory to be stored above the webroot or closed off with .htaccess.

In wordpress, you should be able to block of wp-admin and wp-includes with .htaccess. However the wp-content directory should be web accessible.

One thing to do is to turn off directory listing and add a blank .html file in the directory or you could use PHP to direct them to the Site Map of your site. That way unless they know the exact path, they can't explore.

 

That's a failure within vBSEO then and should be considered a security risk in that addon.

I was thinking about buying vBSEO but I don't even upload the modcp folder on sites that I administrate so that would be a deal killer if the addon doesn't work properly without it.

 

Were you ever given a reason as to why it doesn't work properly? As Wayne said, this is a huge fall-back but I'm curious to know why it's so vital.

 

vBulletin, Well I Admin Only On One Site Of vBulletin. Web Access? How Can We Protect?

 

You can always rename your directories.

 

I'd like to know more about this, too. It seems odd that it would be this way.

 

Just the Mod CP or the Admin CP as well? I could probably live without the Mod CP...

 

I think he implied just the ModCP. It would be a huge shame if he meant the AdminCP as well, though.