
Thursday, June 5, 2008

Give Error 404 to your plugins folder

It is crucial to hide your WordPress plugins folder. Click here for the reason why.

This is one way to do it.

Create a ".htaccess" file in the root of the WordPress installation.

Inside that file put this line of code:
Options -Indexes

The idea is very simple. This directive tells Apache not to display a listing of files or directories when no index file exists.

However, make sure not to touch anything else inside your ".htaccess" file.

Back up that file first. Even a small mistake will give your blog a "Server Error 500". If that ever happens, just restore the original ".htaccess" file.
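
The steps above as a script, an added example that is not part of the original post: it backs up an existing ".htaccess", leaves every existing line alone, and appends the directive only when no active Options line already disables Indexes. The function names and the ".bak" backup name are assumptions chosen for this example.

```shell
#!/bin/sh
# Added example: idempotently disable directory listings in the .htaccess
# of a WordPress root, keeping a backup of the previous file.

# Return 0 if the file already has an active (uncommented) Options line
# that contains -Indexes.
has_noindex() {
    [ -f "$1" ] && grep -Eiq '^[[:space:]]*Options[[:space:]].*-Indexes' "$1"
}

# harden_htaccess WP_ROOT
# Prints "unchanged" if nothing was needed, "updated" after appending.
harden_htaccess() {
    wp_root=$1
    ht="$wp_root/.htaccess"

    [ -d "$wp_root" ] || { echo "no such directory: $wp_root" >&2; return 2; }

    if has_noindex "$ht"; then
        echo unchanged
        return 0
    fi

    # Back up first, so a "Server Error 500" can be undone by copying
    # the .bak file back into place.
    if [ -f "$ht" ]; then
        cp -p "$ht" "$ht.bak" || return 1
    fi

    # Append only: existing lines (WordPress rewrite rules etc.) are untouched.
    # If the file does not end in a newline, add one so the directive
    # starts on its own line.
    if [ -s "$ht" ] && [ -n "$(tail -c 1 "$ht")" ]; then
        printf '\n' >> "$ht"
    fi

    # The signed form is used on its own because Apache 2.4 rejects an
    # Options line that mixes signed (+/-) and unsigned keywords.
    printf '%s\n' '# Disable automatic directory listings' \
        'Options -Indexes' >> "$ht"
    echo updated
}
```

Call it as harden_htaccess /path/to/wordpress, then request the plugins folder in a browser to confirm the listing is gone.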

Wednesday, June 4, 2008

I know what plugins you are running

If you run a WordPress-based blog, try something like this:

(replace "yourdomain" with your blog domain name)


Did you see what I see? Everybody can see what plugins you are running.

You can also search Google for the names of some of the famous plugins. Google will show many WordPress-based blogs with an open plugins directory.

So what is wrong if others can see them?

Usually you will use some third-party plugins. Most of us do, right? Either we are too lazy to write our own plugin, or we just don't know how to.

That is the problem. You don't know how secure the plugins you are using are. Maybe a bug has been found, but you are too lazy to update to the latest version.

Hence, exposing the plugins that you are running may expose you to attack.

In conclusion, hide the plugins folder.