Commenting on my most recent post about security issues I’ve had with one of my WordPress websites, Dane mentioned that keeping all your plugins up to date can help reduce the risk of having your website compromised:
That is why it’s so important that you stay on top of upgrades. And not just to WP itself, but to plugins you are using. Plugins can be compromised and if not updated, they leave security holes into your blog.
So I went ahead and did a major cleanup of the plugins I was using on this blog. But I also did something more. By default, with WordPress “out of the box”, you are advertising to the entire world which plugins you are using on your website. Just enter the following path in your browser and you will see what I am talking about: yourblog/wp-content/plugins/. This can be prevented very easily by placing an empty “index.php” or “index.html” file in the “plugins” directory on your server. Or, if you want to have a little more fun, you can be creative with that file: here is mine.
Now, this of course may not make your WordPress super secure, but if you stop advertising your plugins to the whole world, it will for sure make things a little more difficult for someone to get into your blog by hacking one of the plugins.
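The check and fix described in the post, as an added example that is not part of the original post: it reports the plugins directory and each plugin folder one level below it that has no index file, then places an empty index.php in each. Covering the individual plugin folders goes beyond the single file the post describes; the function names and the path you pass in are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Usage, with a path you supply:
#   sh this-script.sh /var/www/yourblog/wp-content/plugins
# Assumes a find that supports -maxdepth (GNU and BSD do) and directory
# names without embedded newlines.

# Print every directory at or below $1 (down to depth $2, default 1)
# that contains no index.php, index.html or index.htm.
missing_index_dirs() {
    root=$1
    depth=${2:-1}
    find "$root" -maxdepth "$depth" -type d | sort | while IFS= read -r dir; do
        if [ ! -e "$dir/index.php" ] && [ ! -e "$dir/index.html" ] \
           && [ ! -e "$dir/index.htm" ]; then
            printf '%s\n' "$dir"
        fi
    done
}

# Create an empty index.php in each directory reported above.
# Existing index files are never overwritten.
# Prints the number of files created.
add_index_guards() {
    root=$1
    depth=${2:-1}
    created=0
    # Collect the list first so new files cannot affect the directory walk.
    list=$(missing_index_dirs "$root" "$depth")
    while IFS= read -r dir; do
        [ -n "$dir" ] || continue
        : > "$dir/index.php" && created=$((created + 1))
    done <<EOF
$list
EOF
    printf '%s\n' "$created"
}

# Run only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    echo "Directories without an index file:"
    missing_index_dirs "$1" 1
    echo "Index files created: $(add_index_guards "$1" 1)"
fi
```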
I'm embarrassed to discover that I had no protection! I have in the past had problems with hackers, and I thought I had my blogs locked down enough. It's clear that I don't!
I tried the Index Manager solution that one of the commenters mentioned, and it's easy and it works. I don't like any of my directories to be open and viewable.
Thanks for publishing this!