Watch Your WordPress Plugins Directory

This is an expansion on Mark's article today on Weblog Tools Collection:

Check this link. See all the people's WordPress directories that are open for public browsing? Eek!

Why is this dangerous? An open directory listing hands out the exact names of every plugin you run, and search engines index those listing pages like any other page. So when an exploit is found for a plugin (it's never if, it's always when), people can EASILY use Google to find who is running that plugin and exploit your server. Most plugins have not been gone over very well for security, and I expect there are many out there that allow remote shell and various DB exploits but just have not been uncovered yet.

Now who is at fault for this?

I blame #1 – you. You should have disabled public browsing of directories.

I blame #2 – WordPress. C'mon Matt, just put a blank index.php file in the folder =P

I was first alerted to this by Bill Hartzer last month, and I simply made a blank index.php file in my WordPress directory.

BUT as you can see, Google has a really thorough index of my WordPress directories (yes, I failed rule #1).

So now, here is how you disable it in .htaccess:

Options -Indexes

(You will often see this written as Options All -Indexes, but Apache documents mixing a bare option like All with a +/- option as invalid syntax; the plain -Indexes form is what you want.) This is Apache-only, and it only takes effect if the server config lets .htaccess set Options (AllowOverride Options or AllowOverride All); otherwise the directive is silently ignored or the directory returns a 500. Either way, check it afterwards: a request for /wp-content/plugins/ should come back as a 403, not a listing.
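To see what an open listing actually hands an attacker (the enumeration described above) and to confirm the fix took, here is a small Python checker. This is an added example, not code from the post or from WordPress. The HTML it tests against is constructed to mimic an Apache mod_autoindex page (mod_autoindex is what titles the page "Index of /...", the string that makes these pages easy to find with a search engine), and the https://example.com URL in the usage line is a placeholder for your own site.

```python
"""Detect whether a WordPress plugins directory is browsable and, if it is,
list the plugin names it exposes. Added example, not from the original post.
The sample HTML below is constructed to look like an Apache mod_autoindex
page; the URL in __main__ is a placeholder for your own site."""

import html
import re
import sys
import urllib.request
from urllib.error import HTTPError

# mod_autoindex titles its page "Index of /path" and renders every entry as
# an <a href="..."> link; the parent directory is an absolute path and the
# column-sort links start with "?".
TITLE_RE = re.compile(r"<title>\s*Index of\s+(/[^<]*)</title>", re.I)
HREF_RE = re.compile(r'<a\s+href="([^"]+)"', re.I)


def is_directory_listing(status, body):
    """True if the response looks like an auto-generated directory index.
    A 403 (Options -Indexes) or a 200 from a blank index.php is not one."""
    return status == 200 and TITLE_RE.search(body) is not None


def listed_plugins(body):
    """Return the sub-directory names an autoindex page exposes, in order,
    skipping the parent link, sort links and plain files such as hello.php."""
    names = []
    for href in HREF_RE.findall(body):
        href = html.unescape(href)
        if href.startswith(("/", "../", "?")):
            continue  # parent directory or column-sort link
        if not href.endswith("/"):
            continue  # a file, not a plugin directory
        names.append(href.rstrip("/"))
    return names


def check_url(url, timeout=10):
    """Fetch a plugins directory URL and return (exposed, plugin_names).
    This is the only function that touches the network."""
    req = urllib.request.Request(url, headers={"User-Agent": "plugin-dir-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            status, body = resp.status, resp.read().decode("utf-8", "replace")
    except HTTPError as err:
        status, body = err.code, ""  # 403 is the expected result after the fix
    if not is_directory_listing(status, body):
        return False, []
    return True, listed_plugins(body)


# Constructed sample of what an open /wp-content/plugins/ looks like.
SAMPLE_LISTING = """<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html><head><title>Index of /wp-content/plugins</title></head>
<body><h1>Index of /wp-content/plugins</h1>
<pre><a href="?C=N;O=D">Name</a> <a href="?C=M;O=A">Last modified</a>
<hr><a href="/wp-content/">Parent Directory</a>
<a href="akismet/">akismet/</a>
<a href="hello.php">hello.php</a>
<a href="wp-super-cache/">wp-super-cache/</a>
<hr></pre></body></html>"""

# Constructed sample of the 403 body Apache returns once -Indexes is set.
SAMPLE_FORBIDDEN = "<html><body><h1>Forbidden</h1></body></html>"


if __name__ == "__main__":
    # Placeholder URL; pass your own site's plugins directory as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "https://example.com/wp-content/plugins/"
    exposed, names = check_url(target)
    print("OPEN LISTING, plugins exposed:" if exposed else "not browsable", names)
```

Run it against your own site before and after adding the .htaccess rule: before, it prints the plugin names anyone (or any search engine) can read; after, the directory should answer 403 and the checker reports "not browsable". The blank index.php approach also passes the check, because the response is a 200 with no "Index of" title.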

Now, this is not a major security flaw in WordPress or a huge security risk, and I'm not trying to make it sound like that... I just think a little work on your part(s) could potentially avoid a security issue.