Commenting on my most recent post about security issues I’ve had with one of my WordPress websites, Dane mentioned that keeping all your plugins up to date can help reduce the risk of having your website compromised:
That is why it’s so important that you stay on top of upgrades. And not just to WP itself, but to plugins you are using. Plugins can be compromised and if not updated, they leave security holes into your blog.
So I went ahead and did a major cleanup of the plugins I was using on this blog. But I also did something more. By default, WordPress “out of the box” advertises to the entire world which plugins you are using on your website. Just put the following path into your browser and you will see what I am talking about: yourblog/wp-content/plugins/. This can be prevented very easily by placing an empty “index.php” or “index.html” file into the “plugins” directory on your server. Or, if you want to have a little more fun, you can be creative with that file; here is mine.
Now, this of course may not make your WordPress super secure, but if you stop advertising your plugins to the whole world, it will certainly make things a little more difficult for someone to get into your blog by hacking one of the plugins.
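An index file only covers the directory it sits in, so each plugin's own subfolder can still be listed. The script below is an added example, not part of the original post: it reports every directory under a given path that has neither index.php nor index.html, and with `--fix` writes a placeholder index.php into each one. The function names and the script name in the usage comment are made up for illustration.

```shell
#!/bin/sh
# Added example: audit a WordPress tree for directories that would show a
# file listing when the web server has auto-indexing switched on.

# Print every directory under $1 (including $1) with no index file.
list_unindexed_dirs() {
    find "$1" -type d -exec sh -c '
        for d in "$@"; do
            [ -e "$d/index.php" ] || [ -e "$d/index.html" ] || printf "%s\n" "$d"
        done' sh {} +
}

# Write a placeholder index.php into each such directory and print the
# directories that were changed. Existing index files are never touched.
add_placeholder_indexes() {
    find "$1" -type d -exec sh -c '
        for d in "$@"; do
            if [ ! -e "$d/index.php" ] && [ ! -e "$d/index.html" ]; then
                printf "<?php\n// Intentionally empty: blocks directory listing.\n" > "$d/index.php"
                printf "%s\n" "$d"
            fi
        done' sh {} +
}

# Usage (hypothetical script name):
#   sh audit_indexes.sh /path/to/wp-content          # report only
#   sh audit_indexes.sh /path/to/wp-content --fix    # report and fix
if [ "$#" -ge 1 ]; then
    if [ "${2:-}" = "--fix" ]; then
        add_placeholder_indexes "$1"
    else
        list_unindexed_dirs "$1"
    fi
fi
```

Where the host allows .htaccess changes, Apache's `Options -Indexes` directive turns listings off for the whole tree without needing a file in every folder.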
Hi Vlad,
This is actually a very important precaution for many reasons and bears repeating. So, I stumbled you!
I take care of the issue site wise, and discussed how to Hide plugins using .htaccess a while back.
It's useful for security, keeping prying eyes out, etc.
Hmmm… seeing your index.php page, I think we clearly need to redirect people to the main page! :)
Well, maybe I am the only one who thinks that all the fun is here :)
I am glad you liked it. However, I think the .htaccess solution is way better. Believe it or not, I do have several web-hosting providers that won't let you touch .htaccess. Thanks for pointing me to your post!
Well… the fact is, everyone can't catch what's on everyone's blog. Besides, we don't all have the same audience.
Some things do bear repeating, and protecting your plugins from view is one of them and it's not exactly a topic that is rehashed. I thought of it when I stumbled across a site giving people advice on how to find porn in people's image directories! So, you can see how some people do need to be aware of the need to “hide” their directory listings.
Lucia,
I think I have sent you the url for my home page to stumble instead of this post. :)
Hi Vlad,
Great blog, btw. Sorry if this has been mentioned before, but what would you say are the most essential plugins for a blog?
Cheers.
James,
You really made me laugh. You do not mind if I moderate your comment a little. :)
That was hilarious. I'm looking to start my 1st WP blog and have been trying to absorb all the information I can. It's pretty amazing though that people actually “hack” your blog. There's got to be a better use of one's time I would think.
Barry,
There are many things that can make hacking much harder, but there will always be a jerk without something better to do out there.
Welcome to this blog as well! :)
Good tip on placing an index file in the WordPress plugin folder. If you have cPanel, there is an Index Manager tool that will help you protect any folders without index files from wandering & curious eyes.
In fact, if your server is not already set up by default to not show any files under a folder with no index file, you should look into setting that up. It's not foolproof but it is better than openly broadcasting your files to the world.
Ian,
I think Lucia's solution with the .htaccess file does the same thing you can do with Index Manager.
Thanks for stopping by!