Watch Your WordPress Plugins Directory

This is an expansion on Mark's article today on Weblog Tools Collection:

Check this link. See all the people's WordPress directories that are open for public browsing? Eek!

Why is this dangerous? Well, when an exploit is found (it's never if, it's always when), people can EASILY use Google to find who is running what plugin and exploit your server. Most of the plugins have not been gone over very well for security, and I expect there are many out there that allow remote shell and various DB exploits but just have not been uncovered yet.

Now who is at fault for this?

I blame #1 – you. You should have disabled public browsing of folders.

I blame #2 – WordPress. C’mon Matt just put a blank index.php file in the folder =P

I was first alerted about this by Bill Hartzer last month and I just simply made a blank index.php file in my WordPress directory.

BUT as you can see, Google has a really thorough index of my WordPress directories (yes, I failed rule #1).

So now

Here is how you disable it in .htaccess –

Options All -Indexes

Now, this is not a major security flaw of WordPress or a huge security risk, and I'm not trying to make it sound like that… I just think a little work on your part(s) could potentially avoid a security issue.
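
An audit for the two fixes above (a blank index.php, or Options -Indexes in .htaccess), added here as an example and not part of the original post: it walks a WordPress tree on disk and reports the folders Apache would still serve as a file listing. It assumes Apache honours .htaccess Options overrides, that DirectoryIndex covers index.php, index.html and index.htm, and that listings are on unless switched off; the function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: DirectoryIndex serves one of these names instead of a listing.
INDEX_FILES = {"index.php", "index.html", "index.htm"}
OPTIONS_RE = re.compile(r"^\s*Options\s+(.+)$", re.IGNORECASE)

def htaccess_indexes(path):
    """True/False if path/.htaccess turns Indexes on/off, None if it is silent."""
    try:
        with open(os.path.join(path, ".htaccess"), errors="replace") as fh:
            lines = fh.readlines()
    except FileNotFoundError:
        return None
    state = None
    matches = (m for m in map(OPTIONS_RE.match, lines) if m)
    for toks in (m.group(1).lower().split() for m in matches):
        if any(t[0] not in "+-" for t in toks):  # bare keywords replace inherited options
            state = "indexes" in toks or "all" in toks
        if "-indexes" in toks or "+indexes" in toks:
            state = "+indexes" in toks
    return state

def find_listable_dirs(root, server_default=True):
    """Return directories under root that would be served as a file listing."""
    root = os.path.abspath(root)
    exposed, state = [], {os.path.dirname(root): server_default}
    for path, dirs, files in os.walk(root):
        dirs.sort()
        own = htaccess_indexes(path)
        state[path] = state[os.path.dirname(path)] if own is None else own
        if state[path] and not INDEX_FILES & set(files):
            exposed.append(os.path.relpath(path, root))
    return exposed

def demo():
    """Constructed sample tree: one plugin left open, one fixed each way."""
    with tempfile.TemporaryDirectory() as root:
        for d in ("plugins/open", "plugins/blank-index", "plugins/htaccess/inc"):
            os.makedirs(os.path.join(root, d))
        open(os.path.join(root, "plugins/blank-index/index.php"), "w").close()
        with open(os.path.join(root, "plugins/htaccess/.htaccess"), "w") as fh:
            fh.write("Options All -Indexes\n")
        return find_listable_dirs(root)

if __name__ == "__main__":
    print(demo())
```

Point find_listable_dirs at your own wp-content directory; pass server_default=False if the main server config already turns Indexes off.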
