Weekend Wordpress Security Tip: Index.html

Don’t want people knowing which plugins you have installed on your Wordpress? Don’t want people knowing what version it is? If you haven’t done this fix yet for Wordpress, I can go to http://yourblogurl.com/wp-content/plugins and see everything that you have installed and what version it is.

Not so good for security is it?

The Fix:

Make a blank file and save it as “index.html” and upload it to your plugins folder. Now the method above will just produce a blank page.

If your not code savvy – I’ve made one for you to achieve the same thing and can be downloaded here. (Right-Click and select “Save As”, Upload to your plugins folder, and your done)

Related posts:

  1. Weekend Wordpress Security Tip: What To Do When Your Blog Is H4CK3D
  2. Saturday Weekend Security Tip: Remove This Useless Tag
  3. Weekend Wordpress Security Tip: Restrict Your Wp-Admin
This entry was posted in Security and tagged . Bookmark the permalink. Post a comment or leave a trackback: Trackback URL.

Enjoy this post? Theres more to come, so click here to subscribe to our RSS Feed.

11 Comments

  1. Posted August 16, 2008 at 5:20 pm | Permalink

    Great tip Brad, might I also recommend a redirect to the home page?

    gadgets’s last blog post..By: bobeatspizza

  2. Posted August 16, 2008 at 11:48 pm | Permalink

    This is one of the tip that is often overlooked by many. It’s a nice gesture of you to share it here with your readers.@gadget: Care to show how to redirect it to home page? I’m pretty weak on this .htaccess thingy.Yan

    Blog for Beginners’s last blog post..Top 10 Blogging Tips of All Time

  3. Posted August 17, 2008 at 4:18 pm | Permalink

    Oh my gosh, what a shock to see my plugin files like that! I am fixing it now, thanks@!

    Peter Answers’s last blog post..Why Doesn’t Peter Answer Me?

  4. Posted August 18, 2008 at 4:06 pm | Permalink

    @Yan: You can either use an HTML meta refresh tag like so:

    >meta http-equiv=”refresh” content=”2;url=http://somesite.com”< (2 is the number of seconds before the refresh)or do a little php:

    header("Location: http://somesite.com“);

    ?>

    best part is the php one is instant, I think there is a minimum of a 1 second delay with the meta tag.

    gadgets’s last blog post..Augmented reality comes to iPhone, ARToolkit

  5. Posted August 21, 2008 at 2:56 pm | Permalink

    Hmm… I tried it with my blog and didn’t get anything except my error page (I think LOL)
    Interesting though
     

  6. Posted August 22, 2008 at 3:52 pm | Permalink

    @ gadgets – Redirecting to the homepage would be a fine idea!

    @ Peter Answers – Yea, It is pretty pathetic of Wordpress not to automatically install that on every new installation.

    @ gadgets – Thanks for your code wizardry :)

    @ Wendy – LoL! Are you sure you typed it in right??

  7. Posted August 22, 2008 at 7:34 pm | Permalink

    Cool, thanks for the tip, Brad. I’m not aware of it. You know php and me don’t really get along well sometimes…Yan

    Blog for Beginners’s last blog post..20 Possible Ways to Optimize Your Blog

  8. Posted August 23, 2008 at 4:20 am | Permalink

    Glad you liked it Yan. I plan on doing one today (Sat.)

  9. Posted August 24, 2008 at 6:11 am | Permalink

    This is a little security issue that almost missed.

    Armand’s last blog post..Google Adsense Website Temporarily Down

  10. Posted August 24, 2008 at 10:36 am | Permalink

    Hey, it could also be implemented into wp-content/themes and wp-content/uploads folder. Don’t you think to make a little privacy to those folders? I have visited several professional wp blogs and I could see their installed themes. That’s a funny thing, right :)

    Armand’s last blog post..Hiding Installed Plugins For Security Reason

  11. Posted May 16, 2009 at 9:47 pm | Permalink

    Man, I wish all fixes were that easy. I’ve done and tested in on wassublog and it worked a charm and so I will use it on my other blogs. Thanks brad.

2 Trackbacks

  1. By Balkhis Sweet Monday Link Roundup - 08/18/08 on August 18, 2008 at 2:33 am

    [...] Wordpress is a very secure platform. There are alot of other security steps you can take to make it even safer. Did you just miss the simplest one? [...]

  2. By Hiding Installed Plugins For Security Reason on August 24, 2008 at 8:01 am

    [...] see them all by accessing http://www.wpblogname.com/wp-content/plugins. There’s a nice tips I’ve just read and it’s very simple to [...]

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

CommentLuv Enabled

626 RSS Subscribers

Subscribe today to recieve any updates on this blog for free!

You'll also receive, "The Blog Manual" free of charge for being a subscriber which you can download at the bottom of each post.

 


Blog Advertisers

About The Author

Brad Ney

I am a Wordpress enthusiast, part-time website designer, and enjoy using the latest technology via the internet for website promotion.I enjoy writing about startup websites, XHTML, CSS, Wordpress based on what I've learned in the industry.

Become A Facebook Fan!

Reader Poll

  • Are you a...

    View Results

    Loading ... Loading ...

Recent Comments

  • Jayce: Long time did not optimize my blog already. Does this speed up a lot? .-= Jayce´s last blog ..How to...
  • JR @ Internet Marketing: Just became a fan! .-= JR @ Internet Marketing´s last blog ..The Ultimate and Best...
  • Sadia Malik: Hi, Thanks for the tips, I browsed the internet for some ready made templates but they dont quite seem...
  • recklessbliss: Hi, thanks for the info but I’m still at a loss about what exactly C.S.S. framework is. Your...
  • Gomez the windshield monkey: Brad, Nice tip. I find I struggle with this, though. For me, this is advanced PHP...

Leave A Comment - Reap The Rewards

  • CommentLuv will fetch your last post - Free publicity!
  • NoFollow Removed - Free backlink from each post you comment on!
  • Choose to be notified of replies made to your original comment!
  • Share your prospective while learning new things and have fun meeting the community.
  • Have a question? I answer every comment with a personal response.