Blocking WordPress wp-content listings

This Google search for wp-content directory listings should be of interest and concern to all of those folks who have recently set up a WordPress weblog. In short, it shows that everything in those directories—themes, plugins, images, whatever—is accessible from a single common point of reference. If this worries you, you might want to limit access: for those with Apache just add:

Options -Indexes

to a .htaccess file in that directory. Other directories from a standard install that may be of similar concern are wp-images and wp-includes; both may be restricted in the same fashion. The standard wp-admin directory includes an index.php file that will generally be used in place of a generated index, but any subdirectories will be open to the public so it might not be a bad idea to block it too. If you don’t want to worry about every individual subdirectory that might appear, add the line above to a .htaccess file in your main WP directory.
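To check which directories are still exposed after editing .htaccess, the sketch below walks a local copy of the install and reports every directory that would get a generated index. It is an added example, not part of the original post; the function names are hypothetical, and it assumes that index.php and index.html are the server's index files, that listings are on by default, and that the server lets .htaccess override Options.

```python
import os
import re
import tempfile

INDEX_FILES = ("index.php", "index.html")  # assumed DirectoryIndex names

def indexes_setting(htaccess_path):
    """True/False if this .htaccess turns Indexes on/off, None if it is silent."""
    state = None
    with open(htaccess_path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            m = re.match(r"\s*Options\s+(.*)", line, re.IGNORECASE)
            for tok in (m.group(1).lower().split() if m else []):
                if tok in ("-indexes", "none"):
                    state = False
                elif tok in ("+indexes", "indexes", "all"):
                    state = True
    return state

def listable_dirs(wp_root, server_default=True):
    """Relative paths of directories that would get a generated index."""
    wp_root = os.path.normpath(wp_root)
    inherited, exposed = {}, []
    for dirpath, dirnames, filenames in os.walk(wp_root):
        dirnames.sort()  # deterministic order
        # A directory inherits its parent's setting unless its own .htaccess says otherwise.
        state = inherited.get(os.path.dirname(dirpath), server_default)
        if ".htaccess" in filenames:
            own = indexes_setting(os.path.join(dirpath, ".htaccess"))
            state = state if own is None else own
        inherited[dirpath] = state
        if state and not any(f in filenames for f in INDEX_FILES):
            exposed.append(os.path.relpath(dirpath, wp_root).replace(os.sep, "/"))
    return exposed

def demo():
    """Constructed sample tree: audit before and after adding the directive."""
    with tempfile.TemporaryDirectory() as root:
        for d in ("wp-content/themes", "wp-content/plugins", "wp-images",
                  "wp-includes", "wp-admin/images"):
            os.makedirs(os.path.join(root, d))
        for f in ("index.php", "wp-admin/index.php"):
            open(os.path.join(root, f), "w").close()
        before = listable_dirs(root)
        with open(os.path.join(root, "wp-content", ".htaccess"), "w") as fh:
            fh.write("Options -Indexes\n")
        partial = listable_dirs(root)
        with open(os.path.join(root, ".htaccess"), "w") as fh:
            fh.write("Options -Indexes\n")
        return before, partial, listable_dirs(root)

if __name__ == "__main__":
    for label, result in zip(("before", "wp-content only", "WP root"), demo()):
        print(label, result)
```

On the constructed tree, protecting only wp-content still leaves wp-admin/images, wp-images and wp-includes listed, while a single .htaccess in the main WP directory covers them all.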
