Don’t want people knowing which plugins you have installed on your WordPress? Don’t want people knowing what version it is? If you haven’t done this fix yet for WordPress, I can go to http://yourblogurl.com/wp-content/plugins and see everything that you have installed and what version it is.
Not so good for security is it?
The Fix:
Make a blank file and save it as “index.html” and upload it to your plugins folder. Now the method above will just produce a blank page.
If your not code savvy – I’ve made one for you to achieve the same thing and can be downloaded here. (Right-Click and select “Save As”, Upload to your plugins folder, and your done)
Related posts:
- Weekend WordPress Security Tip: Restrict Your Wp-Admin
- Weekend WordPress Security Tip: What To Do When Your Blog Is H4CK3D
- Saturday Weekend Security Tip: Remove This Useless Tag
This entry was posted in Web Security and tagged Web Security. Bookmark the permalink. Post a comment or leave a trackback: Trackback URL.
11 Comments
Great tip Brad, might I also recommend a redirect to the home page?
gadgets’s last blog post..By: bobeatspizza
This is one of the tip that is often overlooked by many. It’s a nice gesture of you to share it here with your readers.@gadget: Care to show how to redirect it to home page? I’m pretty weak on this .htaccess thingy.Yan
Blog for Beginners’s last blog post..Top 10 Blogging Tips of All Time
Oh my gosh, what a shock to see my plugin files like that! I am fixing it now, thanks@!
Peter Answers’s last blog post..Why Doesn’t Peter Answer Me?
@Yan: You can either use an HTML meta refresh tag like so:
>meta http-equiv=”refresh” content=”2;url=http://somesite.com”< (2 is the number of seconds before the refresh)or do a little php:
header("Location: http://somesite.com");
?>
best part is the php one is instant, I think there is a minimum of a 1 second delay with the meta tag.
gadgets’s last blog post..Augmented reality comes to iPhone, ARToolkit
Hmm… I tried it with my blog and didn’t get anything except my error page (I think LOL)
Interesting though
@ gadgets – Redirecting to the homepage would be a fine idea!
@ Peter Answers – Yea, It is pretty pathetic of WordPress not to automatically install that on every new installation.
@ gadgets – Thanks for your code wizardry
@ Wendy – LoL! Are you sure you typed it in right??
Cool, thanks for the tip, Brad. I’m not aware of it. You know php and me don’t really get along well sometimes…Yan
Blog for Beginners’s last blog post..20 Possible Ways to Optimize Your Blog
Glad you liked it Yan. I plan on doing one today (Sat.)
This is a little security issue that almost missed.
Armand’s last blog post..Google Adsense Website Temporarily Down
Hey, it could also be implemented into wp-content/themes and wp-content/uploads folder. Don’t you think to make a little privacy to those folders? I have visited several professional wp blogs and I could see their installed themes. That’s a funny thing, right
Armand’s last blog post..Hiding Installed Plugins For Security Reason
Man, I wish all fixes were that easy. I’ve done and tested in on wassublog and it worked a charm and so I will use it on my other blogs. Thanks brad.
2 Trackbacks
[...] WordPress is a very secure platform. There are alot of other security steps you can take to make it even safer. Did you just miss the simplest one? [...]
[...] see them all by accessing http://www.wpblogname.com/wp-content/plugins. There’s a nice tips I’ve just read and it’s very simple to [...]