16th
Weekend Wordpress Security Tip: Index.html
Don’t want people knowing which plugins you have installed on your Wordpress? Don’t want people knowing what version it is? If you haven’t done this fix yet for Wordpress, I can go to http://yourblogurl.com/wp-content/plugins and see everything that you have installed and what version it is.
Not so good for security is it?
The Fix:
Make a blank file and save it as “index.html” and upload it to your plugins folder. Now the method above will just produce a blank page.
If your not code savvy - I’ve made one for you to achieve the same thing and can be downloaded here. (Right-Click and select “Save As”, Upload to your plugins folder, and your done)
Thanks for visiting my blog! You may want to subscribe to my RSS feed so you will be able to get these personal blog tips for free!




5:20 pm on August 16th, 2008
Great tip Brad, might I also recommend a redirect to the home page?
gadgets’s last blog post..By: bobeatspizza
11:48 pm on August 16th, 2008
This is one of the tip that is often overlooked by many. It’s a nice gesture of you to share it here with your readers.@gadget: Care to show how to redirect it to home page? I’m pretty weak on this .htaccess thingy.Yan
Blog for Beginners’s last blog post..Top 10 Blogging Tips of All Time
4:18 pm on August 17th, 2008
Oh my gosh, what a shock to see my plugin files like that! I am fixing it now, thanks@!
Peter Answers’s last blog post..Why Doesn’t Peter Answer Me?
2:33 am on August 18th, 2008
[...] Wordpress is a very secure platform. There are alot of other security steps you can take to make it even safer. Did you just miss the simplest one? [...]
4:06 pm on August 18th, 2008
@Yan: You can either use an HTML meta refresh tag like so:
>meta http-equiv=”refresh” content=”2;url=http://somesite.com”< (2 is the number of seconds before the refresh)or do a little php:
header("Location: http://somesite.com“);
?>
best part is the php one is instant, I think there is a minimum of a 1 second delay with the meta tag.
gadgets’s last blog post..Augmented reality comes to iPhone, ARToolkit
2:56 pm on August 21st, 2008
Hmm… I tried it with my blog and didn’t get anything except my error page (I think LOL)
Interesting though
3:52 pm on August 22nd, 2008
@ gadgets - Redirecting to the homepage would be a fine idea!
@ Peter Answers - Yea, It is pretty pathetic of Wordpress not to automatically install that on every new installation.
@ gadgets - Thanks for your code wizardry
@ Wendy - LoL! Are you sure you typed it in right??
7:34 pm on August 22nd, 2008
Cool, thanks for the tip, Brad. I’m not aware of it. You know php and me don’t really get along well sometimes…Yan
Blog for Beginners’s last blog post..20 Possible Ways to Optimize Your Blog
4:20 am on August 23rd, 2008
Glad you liked it Yan. I plan on doing one today (Sat.)
6:11 am on August 24th, 2008
This is a little security issue that almost missed.
Armand’s last blog post..Google Adsense Website Temporarily Down
8:01 am on August 24th, 2008
[...] see them all by accessing http://www.wpblogname.com/wp-content/plugins. There’s a nice tips I’ve just read and it’s very simple to [...]
10:36 am on August 24th, 2008
Hey, it could also be implemented into wp-content/themes and wp-content/uploads folder. Don’t you think to make a little privacy to those folders? I have visited several professional wp blogs and I could see their installed themes. That’s a funny thing, right
Armand’s last blog post..Hiding Installed Plugins For Security Reason