Protect Your WordPress Directory from Public Browsing

Found a really good WordPress security tips a while ago:

Directories should not be left open for public browsing.

There is a potential problem letting people know what plug-ins you have, or what versions they are. If there is some known exploit that is linked to a plug-in, it could be easy enough for someone to use it to their advantage.

To test whether your site is vulnerable to this issue, just go to http://<your_site>/wp-content/plugins
Your site SHOULDN’T be listing all the plug-ins available on your site.

It’s fairly simple to protect your WordPress installation from public browsing:
1. Make an empty wp-content/plugins/index.html file
Or
2. just add this line in your .htaccess file in your root:
Options All -Indexes

Related Posts:

7 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *