Wednesday, June 4, 2008

I know what plugins you are running

If you run a WordPress-based blog, try something like this:
http://yourdomain/wp-content/plugins/

(replace "yourdomain" with your blog's domain name)

[Screenshot: directory listing of the plugins folder]

Did you see what I see? Everybody can see which plugins you are running.

You can also Google for the name of a well-known plugin. Google will return many open plugin directories of WordPress-based blogs.

So what is wrong with others being able to see them?

Usually you will use some third-party plugins. Most of us do, right? Either we are too lazy to write our own plugin, or we just don't know how to.

That is the problem. You don't know how secure the plugins you are using are. Maybe a bug has been found in one of them, but you are too lazy to update it to the latest version.

Hence, exposing the plugins you are running may expose you to attack.

In conclusion, hide the plugins folder.
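One way to carry out that advice on Apache, as an added example that is not part of the original post: a .htaccess file placed in wp-content/plugins/ that switches off automatic directory indexes and answers a request for the folder itself (or any plugin sub-folder) with a 404, while leaving the individual files that plugins serve (their CSS, JavaScript and images) reachable. It assumes Apache with mod_rewrite loaded and an AllowOverride setting that permits Options and FileInfo directives in .htaccess for this directory; the folder path is the standard WordPress layout shown above.

```apache
# wp-content/plugins/.htaccess
# Added example (not from the original post). Assumes Apache with
# "AllowOverride Options FileInfo" (or All) for this directory and mod_rewrite loaded.

# 1. Stop Apache from generating the "Index of /wp-content/plugins/" listing.
#    On its own this makes a request for the bare folder return 403 Forbidden.
Options -Indexes

# 2. Answer requests for the folder itself, or any plugin sub-folder, with 404
#    instead of 403, so the response does not even confirm that the folder exists.
#    Requests for files inside it (style.css, script.js, images) are not directories,
#    so the condition does not match and the plugins keep working.
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^ - [R=404,L]
</IfModule>
```

After saving the file, request http://yourdomain/wp-content/plugins/ in a browser and confirm you get a 404, then load the blog and check that plugin stylesheets and scripts still arrive. This gives the 404 page one of the commenters below asks for without dropping an index file into every sub-folder. Note what it does not do: a plugin whose file paths are already known can still be requested directly, so this only removes the easy listing; keeping plugins updated, the other point of the post, still matters.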

8 comments:

  1. what if I put an index.html in the dir? Does it work? CHMOD 775

  2. hanep: if you do it this way, you have to put the index.html file into every folder

  3. Simply create a text file called index.php and upload it to the plugins folder. That way people will see a blank file when they load it.

  4. MobileAnswers: like hanep said, you have to repeat the job for the other folders. Very messy.

    One more thing, I don't think it is nice to give the reader a blank page. A nice 404 message would be nice though.

    Hide your plugins folder technique.

  5. [...] Give Error 404 to your plugins folder, by Rizauddin | Published: June [...]