http://www.yourdomain.com/wp-content/plugins/

Now, if a hacker can see and find them, the search engines can index them, well, if a plugin has a security hole in it that can be exploited, you are wide open.

So, how do you close this hole?

You can block access to the plugin folder by two methods that are easily accomplished.

First, you can open your text editor, write some jibber-jabber or a “nice” message that someone would see if they are attempting to read your plugins folder. Save this file as “index.html” and upload it to the plugins folder. Don’t worry, it won’t hurt anything. This will show people a blank page or whatever message you entered if they try the trick to see what you are using or have in your plugins folder.

Secondly, you can modify your .htaccess file. I am in no way an expert with .htaccess files. I found this solution in a couple of other spots and have put it in place and it seems to work.

At the top of your .htaccess file put this:

# Prevents directory listing
Options -Indexes

Now that will also block access to the plugins folder, but more so for the search engines also. This way Googlebot and other bots won’t index your plugins folder for the entire world to see.

Now, you want to see how many people don’t know this? Visit Google and type in:

Index of /wp-content/plugins

Now thats a lot of open plugin folders!