Bill Hartzer

One Simple Way to Protect Your WordPress Plugins


I’m amazed that so many popular bloggers use WordPress and don’t protect their WordPress plugins. Here’s one simple way to keep people from seeing exactly which WordPress plugins you’re using.

First, here’s a little background: if a folder on your web site has no default page (usually index.html or default.html or something similar), and your web server is set to generate directory listings (many shared hosts are), then anyone can see that folder’s contents just by opening it in a web browser. For example, try going to www.yourdomain.com/images/ in your favorite browser. See what I mean? You’ll most likely see a list of all the files in that folder. For most people, seeing the image files in your images folder is not a big deal. In fact, I even let people see the files I have in my images folder. No big deal.

But what if folders in your installed apps are open?

That’s right. What if there are key folders in applications or scripts that are left open for everyone to view? Exactly: they can view all the files in that folder (or directory).

Like me, you may be proud of the different WordPress plugins that you are using if you’re using WordPress to power your site or blog. Did you know that a default installation of WordPress actually doesn’t protect your WordPress plugins folder? Well, it doesn’t! So, most likely, people can go here and view all of the plugins you have installed, even some custom ones if you’re using them:

www.yourdomain.com/wp-content/plugins

Try it now on your own WordPress-powered site or blog. There’s a good chance that you’ve left yourself wide open. And if you’re using an anti-spam plugin then people can see which one(s) you’re using. Not good.

To be honest with you, I kind of stumbled across the fact that most people have their plugins open for everyone to view. I was interested in a certain blogger’s plugins, so to speak, and which ones they were using, because I kept seeing some additional pings and additional links to his blog (yes, this blogger shall remain nameless, but you know who you are if you’re reading this post!). I actually checked some (ahem) other popular bloggers, even bloggers in the Technorati 100, and they’ve left their plugins folder wide open.

So, if you’re reading this, here’s (finally) the way to protect your WordPress plugins from being viewed by snoops:

Copy the following code and paste it into notepad or whatever text editor you use:

plugin-fix.txt

Save the file as index.html and upload that file to your blog’s wp-content/plugins folder. Voila! Fixed! Now you have to FTP into that folder or go to the Admin section of your blog in order to view the plugins you’re using. Note that this only hides the folder listing; the plugin files themselves are still served at their usual paths, as they must be for WordPress to work.

If people view your WordPress plugins and see which ones you have installed, then it may not actually be a big deal to you. But, if you’re like me and you use certain plugins to add certain functionality to your WordPress install, then most likely you will not want people snooping around, looking at all of the WordPress plugins that you have installed.
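As an added example (not code from the post or its comments), here is a POSIX shell script that applies the fixes discussed on this page to a plugins folder and then checks the result: a default index.php that redirects to the site root, plus the Apache `Options -Indexes` directive in .htaccess. The directory path and site URL are placeholders you supply, and the .htaccess part assumes an Apache host that honours per-directory overrides.

```shell
#!/bin/sh
# Added example: harden a WordPress folder against directory listing
# and verify the protection is in place. Not part of the original post.
# Assumes Apache with AllowOverride enabled for the folder (assumption).

# Write a redirecting index.php (with exit, so nothing else is served)
# unless a default page already exists, and disable autoindex in .htaccess.
harden_wp_dir() {
    dir="$1"
    site="$2"    # placeholder, e.g. https://www.yourdomain.com
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    if [ ! -e "$dir/index.php" ] && [ ! -e "$dir/index.html" ]; then
        printf '<?php\nheader("Location: %s", true, 302);\nexit;\n' "$site" \
            > "$dir/index.php"
    fi
    # Append the directive only once; -s keeps grep quiet if no .htaccess yet.
    if ! grep -qs 'Options.*-Indexes' "$dir/.htaccess"; then
        printf 'Options -Indexes\n' >> "$dir/.htaccess"
    fi
}

# Report each protection; return 0 only if both are present.
check_wp_dir() {
    dir="$1"
    ok=1
    if [ -e "$dir/index.php" ] || [ -e "$dir/index.html" ]; then
        echo "$dir: default page present"
    else
        echo "$dir: no index.php/index.html (listing possible)"
        ok=0
    fi
    if grep -qs 'Options.*-Indexes' "$dir/.htaccess"; then
        echo "$dir: .htaccess disables autoindex"
    else
        echo "$dir: autoindex not disabled in .htaccess"
        ok=0
    fi
    [ "$ok" -eq 1 ]
}
```

Run it as `harden_wp_dir /path/to/wp-content/plugins https://www.yourdomain.com` and then `check_wp_dir /path/to/wp-content/plugins`; the same two calls work for wp-content/themes and wp-content/uploads.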

Bill Hartzer is the head search engine marketing, social media marketing, and website marketing expert at Vizion Interactive, a Dallas / Fort Worth, Texas based interactive marketing firm.

17 total comments.
  1. OR, if you are on an Apache server (most likely you are), open your favorite text editor and type:

    Options -Indexes

    Save the file as .htaccess — don’t forget the period at the beginning — in the folder. Now you’ve turned off directory viewing altogether, and anyone who tries to view your plug-ins will get an error message.

    OR, since you’re running Wordpress, you’re also running PHP, so open your favorite text editor and type:

    Save the file as index.php in your plug-ins folder. Now, when someone tries to view the folder, they’ll be redirected to your home page.

  2. Oops, some of my code got lost. Not thinking.

    The code for index.php would be:

    <?php
    // Send the visitor to the home page instead of a folder listing,
    // then stop so nothing further is output.
    header( 'Location: http://www.yoursite.com' );
    exit;
    ?>

  3. I just tried this on the wordpress installs I have and got a 403 on all of them. I guess the moral of the story is that good writers aren’t security experts.

  4. Arlo, thanks for mentioning this. That’s definitely a good fix for it, as well. I wasn’t aware that you could add that command to the .htaccess file like that. Cool!

  5. Hey Bill,

    Thanks, that’s a great tip - and a very simple fix.

    Have an awesome day!
    Dan & Jennifer

  6. Thanks, Bill! This is a great bit of information — and one that slipped completely under my radar before you brought it to my attention.

    Can’t thank you enough and will be sharing your blog with my own readers when I finish a posting of MUST HAVE WordPress gadgets.

    Thanks again — now I’m not sharing any more of my “gadgets” than I want to share!

  7. That’s awfully nice of you to give everyone a way to add a backlink to your website on their blog. ;) Seriously, I’ve never even thought about it. Thanks for the tip. I’ll be patching my installation ASAP.

