Today I found something that annoying me when I tried to test the security hole by displaying the theme directory for one of my website that using Atahualpa theme version 3.5.1. Some error messages appeared when I tried to access such address: h++p://www.mydomain.com/wp-content/themes/atahualpa351/ . This error message caused by the using of unknown TEMPLATEPATH constant if this file accessed directly without from the index of the website itself. So, here is the modification I created to display “Access denied” message instead of error message that displaying the path of the theme directory in my web server.
Open your wp-content/themes/{youratahualpadirectoryname}/index.php file, and find this code:
3 | include (TEMPLATEPATH . '/functions/bfa_get_options.php'); |
before that line of code, please insert this following code:
2 3 4 | if ( !file_exists(TEMPLATEPATH . '/functions/bfa_get_options.php') ) { die('Sorry, access denied for displaying this directory!'); } |
then save the changes.
That’s it! Now you should see the better error message than before if your visitor trying to display your theme directory. 
[...] Open Script Solution » How to Avoid Error Message When Your … [...]