How to secure your wordpress plugin folder listing

by Harsh Agrawal on May 1, 2009

in Wordpress

Few days back we talked about Wordpress hack to find any plugin   used by wordpress blog. Vaibhav from calling all geeks has come up with more interesting find in this series.wordpress_logo

In previous method we search for any indexed plugin in Google, though there us another way user can see the plugin used by any wordpress blog.

Simply type :

http://www.domainname.com/wp-content/plugins

Replace the domain name with the wordpress blog address. You will see result like this

wordpress_plugin_security

Though this can be vulnerable and may be a security risk for your blog.

How to secure   wordpress plugin folder listing?

One simple method as suggested by Vaibhav is by editing your .htaccess file and enter this line

Options “Indexes

If you don’t know how to edit your .htaccess file, refer to my guide on

How to edit wordpress .htaccess file

Another alternative way you can stop showing your plugin folder is   by   putting a index.html file into your plugin folder.

Simply create a black text file and name it as Index.html. Upload the file into your wordpress plugin folder.

Now user will see a blank screen. You can also add any message into that .html file for your visitors.

You might be interested to read previous article on

How to avoid wordpress comment spam by editing your .htaccess file.

Related posts:

  1. How to Create .htaccess File For Wordpress blog
  2. How to avoid Spam comments on Wordpress using .htaccess method
  3. How to edit your wordpress .htaccess file
  4. Meta robots Wordpress SEO plugin
  5. No self ping Wordpress plugin : Stop pinging your own Blog post
  6. Block Visitors From Specific IP Address Using .htaccess method
  7. How to Enable Super Cache Wordpress plugin
  8. How to stop spammer from hotlinking your blog Images using .htaccess method

Tagged as: , ,


Article by Harsh Agrawal

Harsh has written 1337 articles .

If you like This post, you can follow Shoutmeloud on Twitter.

Subscribe to Shoutmeloud feed via RSS or EMAIL to receive instant updates.

Shoutmeloud is a revenue sharing blog, Write for us and make money. Read here for more info

Wpfreelancer

{ 4 comments… read them below or add one }

1 Ruchi May 2, 2009 at 09:34

Thanks for the information. I will surely give it a try.

Ruchi™s last blog post..5 Mistakes to avoid while Making a Presentation

Reply

2 Nihar May 4, 2009 at 15:31

I have created blank index.html. But didn’t know about adding Options line .htaccess.

Do you know what does it do?

Nihar™s last blog post..Increase Blogs internal linking using SEO Smart Links Plugin

Reply

3 Harsh Agrawal May 4, 2009 at 15:37

Nihar Options “Indexes
Will prevent people from accessing your wordpress plugin, themes listing.

Reply

4 Malhar Parve December 14, 2009 at 00:16

Hi Harsh, when I add the entry “Options “Indexes” in .htaccess file, I am not able to access my blog and giving me error. Do have any idea why this was happening? Thanks in advance.

Reply

Leave a Comment

Previous post:

Next post: