A WordPress Vulnerability, and How to Close It
By Rico, 8:08 am Tue Mar 4 2008 - Tips & Tricks - 2 Opinions
With many Filipinos and Filipino companies using WordPress to build an online profile, this potential vulnerability should attract significant attention.
A few weeks ago, Eblogtemplates.com published a step-by-step guide on how to find out which plugins are installed on a WordPress blog. It involves discovering where the blog platform is installed, and simply looking at that location to determine what the plugins are.
The vulnerability lies in the fact that the blog’s innards, particularly the list of plugins the blog uses, are out there for everyone to see. If a particular plugin has security holes that hackers can take advantage of, then it is that much easier for these unscrupulous elements to identify and exploit any vulnerabilities.
Technograph, a website that runs on WordPress, has determined that placing an index.html file in a WordPress blog’s wp-content/plugins/ directory may solve the problem. It can be blank, or can contain a helpful message leading to the blog’s home page. In any case, the file will load by default whenever someone tries to access the aforementioned directory with their web browser, preventing them from seeing the list of plugins.
Try visiting technogra.ph/wp-content/plugins to see our solution in action.
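An added example, not part of the original post or Technograph's own setup: a shell function that applies the fix above to wp-content/plugins and, going one step beyond the article, to every directory below it, since an index file only covers the directory it sits in. The index file names it checks for and the WordPress root passed as the argument are assumptions.

```shell
#!/bin/sh
# Added example: put a blank index.html into wp-content/plugins and every
# directory below it that has no index file yet, so the web server serves
# that file instead of an automatic directory listing.
# Usage (hypothetical path): cover_plugin_dirs /path/to/wordpress

# has_index DIR: succeed if DIR already holds a file the server would load
# by default. The names are an assumption; match your server's index setting.
has_index() {
    for name in index.html index.htm index.php; do
        [ -f "$1/$name" ] && return 0
    done
    return 1
}

# cover_plugin_dirs WP_ROOT: create the placeholders, print each directory
# that was changed, and return 2 if WP_ROOT has no wp-content/plugins.
cover_plugin_dirs() {
    plugins="$1/wp-content/plugins"
    [ -d "$plugins" ] || { echo "no plugins directory under $1" >&2; return 2; }
    find "$plugins" -type d | while IFS= read -r dir; do
        if ! has_index "$dir"; then
            : > "$dir/index.html"    # blank file, which the article says is enough
            echo "$dir"
        fi
    done
}
```

Existing index files are left untouched, so running it again after installing a new plugin only adds the placeholders that are missing.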


Luis Cruz
9:09 pm Tue Mar 4 2008
I set my index to redirect to the root. I think I’ll format it – maybe add a search box and other options like you did – some other time.
The Technographist
11:11 pm Tue Mar 4 2008
Users may find it confusing if you do a simple redirect to your home page. But you also have a good idea. It would be better to redirect everyone to a single web page, instead of plugging in the same index.html into every directory of your WordPress installation. It will definitely save some space!