Comments on: Do Yourself A Favor-Stop Advertising Your Plugins To The Whole World

By: Ben Holmes

Ben Holmes — Mon, 22 Oct 2007 19:40:10 +0000

I’m embarrassed to discover that I had no protection! I have in the past had problems with hackers, and I thought I had my blogs locked down enough. It’s clear that I don’t!

I tried the Index Manager solution that one of the commenters mentioned, and it’s easy and it works. I don’t like any of my directories to be open and viewable.

Thanks for publishing this!

By: Ben Holmes

Ben Holmes — Mon, 22 Oct 2007 18:40:10 +0000

I'm embarrassed to discover that I had no protection! I have in the past had problems with hackers, and I thought I had my blogs locked down enough. It's clear that I don't!

I tried the Index Manager solution that one of the commenters mentioned, and it's easy and it works. I don't like any of my directories to be open and viewable.

Thanks for publishing this!

By: Dane Morgan

Dane Morgan — Sat, 20 Oct 2007 04:23:32 +0000

I’m not sure how much value this will specifically bring to your security. Most attackers aren’t going to bother checking to see if you have a compromised plugin installed. They simply amass domain listings of WP installs and use robots to launch the attack against each blog on the list.

That said, I can think of other good reasons to do this anyways, and not only in the plugins folder, but every folder that does not have an explicit index.php file already in it (root & admin).

Also as I like to say, site security is a lot like car alarms. Nothing you do that leaves your site usable can tottaly prevent someone who really wants in from getting in. But there are lots of little things you can do to make it easier to just hit someone else.

@ lucia. Back when I did porn I actually created fake Apach directory list pages. All of the listed images were of course links to rev share programs.

By: Dane Morgan

Dane Morgan — Sat, 20 Oct 2007 03:23:32 +0000

I'm not sure how much value this will specifically bring to your security. Most attackers aren't going to bother checking to see if you have a compromised plugin installed. They simply amass domain listings of WP installs and use robots to launch the attack against each blog on the list.

That said, I can think of other good reasons to do this anyways, and not only in the plugins folder, but every folder that does not have an explicit index.php file already in it (root & admin).

@ lucia. Back when I did porn I actually created fake Apach directory list pages. All of the listed images were of course links to rev share programs.

By: Lea

Lea — Fri, 19 Oct 2007 12:00:19 +0000

Darn, and I thought you were being clever

By: Vlad

Vlad — Fri, 19 Oct 2007 11:17:16 +0000

Lea,

lol no that was not done on purpose, just one of those dyslexic moments

By: Lea

Lea — Fri, 19 Oct 2007 11:00:19 +0000

Darn, and I thought you were being clever

By: Vlad

Vlad — Fri, 19 Oct 2007 10:17:16 +0000

Lea,

lol no that was not done on purpose, just one of those dyslexic moments

By: Lea

Lea — Fri, 19 Oct 2007 08:37:21 +0000

I think Lucia is suggesting a good solution
But tell me – did you type ‘webstie’ by accident or on purpose?
I think you’ve just created a new way to describe one’s website

By: Lea

Lea — Fri, 19 Oct 2007 07:37:21 +0000

I think Lucia is suggesting a good solution
But tell me – did you type 'webstie' by accident or on purpose?
I think you've just created a new way to describe one's website