Wordpress Plugin Folder Security
One of the problems with Wordpress is that the plugins folder is wide open to viewers by default. Don’t believe me? Visit your plugin folder via the internet and see.
http://www.yourdomain.com/wp-content/plugins/
If a hacker can see and find them, the search engines can index them too. And if a plugin has a security hole in it that can be exploited, you are wide open.
So, how do you close this hole?
You can block access to the plugin folder by two methods that are easily accomplished.
First, you can open your text editor, write some jibber-jabber or a “nice” message that someone would see if they are attempting to read your plugins folder. Save this file as “index.html” and upload it to the plugins folder. Don’t worry, it won’t hurt anything. This will show people a blank page or whatever message you entered if they try the trick to see what you are using or have in your plugins folder.
Secondly, you can modify your .htaccess file. I am in no way an expert with .htaccess files. I found this solution in a couple of other spots and have put it in place and it seems to work.
At the top of your .htaccess file put this:
# Prevents directory listing
Options -Indexes
That will also block the directory listing for the plugins folder, and it does so for the search engines as well. This way Googlebot and other bots won’t index your plugins folder for the entire world to see.
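To confirm that either fix took effect, and to repeat the check across several sites you run, here is a small checker (an added example, not part of the original post). The function names, sample bodies and User-Agent string are assumptions made for illustration; it relies on Apache's default listing page containing "Index of /" in its title and heading.

```python
"""Verify that a plugins folder no longer shows a directory listing."""
import re
import urllib.error
import urllib.request

# Apache's autoindex pages carry "Index of /path" in <title> and <h1>.
LISTING_RE = re.compile(r"<(title|h1)>\s*Index of /", re.IGNORECASE)


def classify(status, body):
    """Map an HTTP status and body to the outcome of the two fixes."""
    if status == 200 and LISTING_RE.search(body):
        return "LISTING EXPOSED"          # neither fix is in effect
    if status == 200:
        return "index page served"        # method 1: index.html placeholder
    if status in (401, 403):
        return "listing denied"           # method 2: Options -Indexes
    return "inconclusive (HTTP %d)" % status


def check_site(base_url, timeout=10):
    """Fetch /wp-content/plugins/ on a site you run and classify it."""
    url = base_url.rstrip("/") + "/wp-content/plugins/"
    req = urllib.request.Request(url, headers={"User-Agent": "listing-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body = resp.read(65536).decode("utf-8", "replace")
            return classify(resp.status, body)
    except urllib.error.HTTPError as err:   # 4xx/5xx arrive as exceptions
        return classify(err.code, "")
    except (urllib.error.URLError, OSError) as err:
        return "unreachable (%s)" % err


# Constructed sample bodies, so the classifier can be exercised offline.
SAMPLE_LISTING = (
    "<html><head><title>Index of /wp-content/plugins</title></head>"
    "<body><h1>Index of /wp-content/plugins</h1>"
    '<a href="example-plugin/">example-plugin/</a></body></html>'
)
SAMPLE_PLACEHOLDER = "<html><body>Nothing to see here.</body></html>"

if __name__ == "__main__":
    import sys
    for site in sys.argv[1:]:             # e.g. http://www.yourdomain.com
        print(site, "->", check_site(site))
```

Run it with the base URLs of your own sites as arguments; any line reporting LISTING EXPOSED still needs one of the two fixes.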
Now, you want to see how many people don’t know this? Visit Google and type in:
Index of /wp-content/plugins
Now that’s a lot of open plugin folders!
Boy this is scary. The fix sounds pretty scary too.
You know I am not too techie. To say the least!
so..I put this at the very top (# Prevents directory listing
Options -Indexes) before anything else on the page?
Man I have a lot of sites to do this to.
Denise, this goes into the root .htaccess, not each individual .htaccess file. I guess I forgot to put that part in there! It should work just fine at the top of the file; I haven’t had any problems on my hostgator file.
I guess I am confused. What is the root? You mean in Hostgator?
Now do you just put the “#” sign or the whole “# Prevents directory listing
Options -Indexes”?
It goes into the public_html .htaccess file. If you are using the hostgator reseller package, you will need to put that at the top of each .htaccess file for each account.
You don’t have to put the line with the #, only the “Options -Indexes” without the quotes should work…
Hi, thank god I found this article! I’ve already put the “Options -Indexes” in my .htaccess. But my plugins folder is already indexed by Google. Can it be removed automatically? If not, how do I remove it?
Thanks
If I were you this is an opportunity to get traffic back to your main site. Just create an index file like he says and put a banner, affiliate link, or just a plain link back to your home page/main URL.
I never heard of this before, thanks for the tip
This is shocking! I never knew there is such a security loophole waiting to be exploited cheaply. Thanks for pointing it out. I will go with the first option you suggested. Thanks.