Found a really good WordPress security tips a while ago:
Directories should not be left open for public browsing.
There is a potential problem letting people know what plug-ins you have, or what versions they are. If there is some known exploit that is linked to a plug-in, it could be easy enough for someone to use it to their advantage.
To test whether your site is vulnerable to this issue, just go to http://<your_site>/wp-content/plugins
Your site SHOULDN’T be listing all the plug-ins available on your site.
It’s fairly simple to protect your WordPress installation from public browsing:
1. Make an empty wp-content/plugins/index.html file
2. just add this line in your .htaccess file in your root:
Options All -Indexes
good info…aku baru tau camna..nampak sangat aku malas membaca…muahahah
sama la kita lan….:P
May your blogs be safe. 🙂
EXCELLENT advice. My other “favorite” security plug in for WordPress is Login LockDown from Bad Neighborhood!
Yup, that’s a very important security plugin to prevent brute-force attacks.
Good info!!! Thanks for sharing.