Deep Jive Interests » Plugins http://www.deepjiveinterests.com Thoughts on Web 2.0, Social Media, Marketing. Thu, 23 Dec 2010 02:51:05 +0000 en hourly 1 http://wordpress.org/?v=abc How’s Your Wp-Content/Plugins Folder Doing? Secure? Are You Sure? http://www.deepjiveinterests.com/2008/01/19/hows-your-wp-contentplugins-folder-doing-secure-are-you-sure/ http://www.deepjiveinterests.com/2008/01/19/hows-your-wp-contentplugins-folder-doing-secure-are-you-sure/#comments Sat, 19 Jan 2008 16:12:21 +0000 Tony Hung http://www.deepjiveinterests.com/2008/01/19/hows-your-wp-contentplugins-folder-doing-secure-are-you-sure/

Read the rest of this entry »

]]> I’m embarassed to say that I actually knew this tip a while ago, but never got around to implementing it until I read about it *again* today.  Embarassed because this blog has been hacked a few times, and in a fairly devious fashion as well, sometimes perhaps because of an old WordPress installation — or, perhaps because of insecure folders (which makes me think someone behind WordPress should really fix it).

What’s this tip?  Oh, a simple fix to get around securing your Plugins folder.

If you’re running WordPress, unless you’ve already locked down your Wp-content folder with some .htaccess fixes, you may not notice that your Wp-content/plugins folder is naked and bare to the world.  That is, navigate to http://www.yourblogname.com/wp-content/plugins and you may find a directory listing of your plugins folder, files and all.  How do you fix it?  Easy.  Just upload an empty index.html into the wp-content/plugins folder and its all fixed.

Just out of curiosity, I decided to check the plugins folders of some other bloggers that I knew — whole some did have this fixed, a surprising number did *not*.

If you haven’t locked down your plugins folder, please do so, because for many people its showing, and its just about as easy to fix as doing up your zipper.

]]> http://www.deepjiveinterests.com/2008/01/19/hows-your-wp-contentplugins-folder-doing-secure-are-you-sure/feed/ 18