I’m embarrassed to say that I actually knew this tip a while ago, but never got around to implementing it until I read about it *again* today. Embarrassed because this blog has been hacked a few times, and in a fairly devious fashion as well, sometimes perhaps because of an old WordPress installation — or, perhaps because of insecure folders (which makes me think someone behind WordPress should really fix it).

What’s this tip? Oh, a simple fix for securing your plugins folder.

If you’re running WordPress, unless you’ve already locked down your wp-content folder with some .htaccess fixes, you may not notice that your wp-content/plugins folder is naked and bare to the world. That is, navigate to http://www.yourblogname.com/wp-content/plugins and you may find a directory listing of your plugins folder, files and all. How do you fix it? Easy. Just upload an empty index.html into the wp-content/plugins folder and it’s all fixed.

Just out of curiosity, I decided to check the plugins folders of some other bloggers that I knew — while some did have this fixed, a surprising number did *not*.

If you haven’t locked down your plugins folder, please do so, because for many people it’s showing, and it’s just about as easy to fix as doing up your zipper.
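A way to check your own install for this, as an added example that is not from the original post: the script below walks a local copy of wp-content/plugins, lists every folder with no index file, and with `--fix` drops an empty index.html into each. It goes one step beyond the tip by also covering subfolders, which get listed the same way when directory listing is on; the script name, function names and the three index filenames checked are assumptions.

```shell
#!/bin/sh
# Added example: audit a local WordPress tree for folders a web server with
# directory listing enabled would show to visitors, and optionally fix them.
# Assumption: the server treats index.html, index.htm and index.php as index files.

# Succeed if directory $1 holds a file the server would serve instead of a listing.
has_index() {
    for name in index.html index.htm index.php; do
        [ -f "$1/$name" ] && return 0
    done
    return 1
}

# Print every directory at or below $1 that has no index file.
list_unprotected() {
    find "$1" -type d | sort | while IFS= read -r dir; do
        has_index "$dir" || printf '%s\n' "$dir"
    done
}

# Put an empty index.html in each unprotected directory; print how many were added.
protect() {
    list_unprotected "$1" | while IFS= read -r dir; do
        : > "$dir/index.html" && printf '%s\n' "$dir"
    done | wc -l | tr -d ' '
}

# Usage (hypothetical script name): sh plugin-audit.sh /path/to/wordpress [--fix]
if [ -n "${1:-}" ]; then
    plugins="$1/wp-content/plugins"
    if [ "${2:-}" = "--fix" ]; then
        protect "$plugins"
    else
        list_unprotected "$plugins"
    fi
fi
```

If you can edit .htaccess, Apache's `Options -Indexes` turns listings off for the whole tree in one line.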

Jan 19, 2008, 11:12 am